https://bugs.openldap.org/show_bug.cgi?id=9950
Issue ID: 9950
Summary: Need example configuration backend-sock
Product: OpenLDAP
Version: 2.4.57
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: backends
Assignee: bugs@openldap.org
Reporter: earyutin@gmail.com
Target Milestone: ---
Hi all !
I set up two backends on different ports, one is a proxy for MS AD, and the second is a backend shell. I want to update to the latest version of OpenLDAP, but there is no backend shell support in the next versions. I can't find any documentation or examples that I could rely on to set up a backend for backend sock.
Added the following to the files:
port 389
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

modulepath /usr/lib/ldap
moduleload back_ldap.la
moduleload rwm.la

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldap://ldap.test.com"
suffix "dc=test,dc=com"
overlay rwm

rwm-map attribute uid sAMAccountName
rwm-map attribute mail proxyAddresses

rebind-as-user yes

access to attrs=userPassword by self write by anonymous auth by * none

access to * by self write by * none

port 9000
modulepath /usr/lib/ldap
moduleload back_sock.la
moduleload back_sock

database sock
suffix "dc=test,dc=com"
socketpath /tmp/slapd.sock
Next, I don't know where to go.
Could you demonstrate a working example of running and processing scripts based on the backend-sock?
I need to launch my own script that would check the second factor (should check for the presence of a certain attribute in the Active Directory directory and then skip or not skip authorization based on a given condition).
Help me figure it out please..
Thank you !
--- Comment #1 from earyutin earyutin@gmail.com ---
At the moment I have such a working config on port 9000

modulepath /usr/lib/ldap
moduleload back_shell.so

database shell
suffix "dc=test,dc=com"
bind /etc/ldap/shell/bind.sh
search /etc/ldap/shell/search.sh
--- Comment #2 from earyutin earyutin@gmail.com ---
I found similar scripts as on the page "https://www.openldap.org/lists/openldap-technical/201506/msg00126.html", but I don't understand how to set up their call in backend-sock
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
Hello,
The ITS system is for reporting bugs with the software, not for usage/help questions. Those should be directed to the openldap-technical@openldap.org mailing list.
I would note that there is an example in the source tree in the back-sock directory, have you looked there?
--- Comment #4 from earyutin earyutin@gmail.com ---
Hi!
You mean the files "searchexample.conf" and "searchexample.pl" located in the folder "../servers/slapd/back-sock/" ?
Yes, I did.. but I did not understand how to use it in my scheme. I would like to see an example to understand this.
Yes, I have already written to this address about another problem. Unfortunately, I did not receive an answer..
Howard Chu hyc@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|needs_review                |
             Status|RESOLVED                    |VERIFIED
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to earyutin from comment #4)
> Hi!
> You mean the files "searchexample.conf" and "searchexample.pl" located in the folder "../servers/slapd/back-sock/" ?
> Yes, I did.. but I did not understand how to use it in my scheme. I would like to see an example to understand this.
> Yes, I have already written to this address about another problem. Unfortunately, I did not receive an answer..
Yes, those are the files I meant. A look at the OpenLDAP technical archives also points to this project, which makes extensive use of back-sock. It may help you move forward:
https://github.com/peppelinux/pyMultiLDAP
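
For the bind-time check asked about in this thread, this added example (not part of the thread, the OpenLDAP source tree, or pyMultiLDAP) parses the BIND request that back-sock writes to the socket and builds the RESULT reply, following the request layout in slapd-sock(5). The function names, the two callback hooks and the sample request are assumptions constructed for illustration; `handle_bind` is what a listener on the configured `socketpath` would call with the bytes of one request.

```python
LDAP_SUCCESS, LDAP_AUTH_METHOD_NOT_SUPPORTED = 0, 7
LDAP_INVALID_CREDENTIALS, LDAP_UNWILLING_TO_PERFORM, LDAP_OTHER = 49, 53, 80
LDAP_AUTH_SIMPLE = 128  # "method:" value slapd sends for a simple bind

def parse_bind(raw: bytes) -> dict:
    """Parse one back-sock BIND request; 'cred' is returned as bytes."""
    head, sep, tail = raw.partition(b"\ncred: ")
    lines = head.decode("utf-8").split("\n")
    if lines[0] != "BIND" or not sep:
        raise ValueError("not a complete BIND request")
    req = {"suffix": []}
    for line in lines[1:]:
        key, _, value = line.partition(": ")
        if key == "suffix":          # one line per database suffix
            req["suffix"].append(value)
        else:                        # msgid, dn, method, credlen, extension lines
            req[key] = value
    # A password may contain newlines: cut it by credlen, not by line.
    credlen = int(req["credlen"])
    if len(tail) < credlen:
        raise ValueError("cred shorter than credlen")
    req["cred"], req["method"] = tail[:credlen], int(req["method"])
    return req

def result(code: int, info: str = "") -> bytes:
    """Build the RESULT reply; only the RESULT line itself is mandatory."""
    text = f"RESULT\ncode: {code}\n" + (f"info: {info}\n" if info else "")
    return text.encode()

def handle_bind(raw: bytes, check_password, second_factor_ok) -> bytes:
    """Decide a bind. Both callables are hypothetical hooks you supply."""
    try:
        req = parse_bind(raw)
    except (ValueError, KeyError):
        return result(LDAP_OTHER, "malformed request")
    if req["method"] != LDAP_AUTH_SIMPLE:
        return result(LDAP_AUTH_METHOD_NOT_SUPPORTED)
    if not req.get("dn") or not req["cred"]:
        return result(LDAP_UNWILLING_TO_PERFORM, "anonymous bind refused")
    # Password first, then the directory-attribute check; one shared
    # error code so a client cannot tell which of the two failed.
    if check_password(req["dn"], req["cred"]) and second_factor_ok(req["dn"]):
        return result(LDAP_SUCCESS)
    return result(LDAP_INVALID_CREDENTIALS)

# Constructed sample request, laid out as slapd-sock(5) describes.
SAMPLE = (b"BIND\nmsgid: 1\nsuffix: dc=test,dc=com\n"
          b"dn: uid=alice,dc=test,dc=com\nmethod: 128\n"
          b"credlen: 7\ncred: s3c\nret\n\n")
```

In a deployment, `check_password` would verify the credentials against the real directory and `second_factor_ok` would look up the required attribute for the DN.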