Full_Name: Clément OUDOT Version: 2.4.38 OS: GNU/Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (88.173.78.196)
I set up a slave configuration with ppolicy_forward_updates feature.
In my data backend config, I have:
olcUpdateRef: ldap://localhost:389
And I created the chain overlay and a sub ldap backend like this:
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectClass: top objectClass: olcConfig objectClass: olcChainConfig objectClass: olcOverlayConfig olcOverlay: {0}chain
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config objectClass: olcLDAPConfig objectClass: olcChainDatabase olcDatabase: {0}ldap olcDbIDAssertBind: bindmethod="simple" binddn="cn=admin,dc=example,dc=com" credentials="secret" mode="none"
This configuration do not work: the BIND on the master server is done anonymously, despite the olcDbIDAssertBind value.
To work, I need to add:
olcDbUri: ldap://localhost:389
Seems the problem exist in OpenLDAP unit test 32, see tests/data/slapd-chain1.conf :
# uses the chain overlay as global; # no chain-URI is configured, so the URI is parsed out of the referral overlay chain chain-uri @URI2@ chain-idassert-bind bindmethod=simple binddn="cn=Manager,dc=example,dc=com" credentials=secret mode=self flags=non-prescriptive
The comment say "no chain-URI is configured', but the chain-uri is configured.
Where is the truth?