Please keep replies on the list, so that everyone can see the resolution of
Julien Garnier wrote:
> Howard Chu wrote:
>> Julien Garnier wrote:
>>> Howard Chu wrote:
>>>> Julien Garnier wrote:
>>>>> * I've tried to use translucent overlay between ldap_relay and
>>>>> ldap1 but
>>>>> the problem is that it's not possible to search local entries with
>>>> It is in 2.4.8.
>>> Just a minute after posting my message I downloaded 2.4.8 and I read
>>> in the changelog that local entries search is working.
>>> I tried to make that work but nothing changes, it doesn't work.
>> Nothing changes because you haven't changed your configuration. Read
>> the slapo-translucent(5) manpage.
> Thanks for your help,
> I just added translucent_local ACMO,... in my slapd.conf and it works!
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/

I want to set up a local ldap server that will add my local entries to
the master server.
The config is this one:
A central server that is replicated on my "ldap_relay" server (I have
access to the configuration of this server). This one replicates from a
central ldap (I have no access to this one) via classical syncrepl. So I
can read my ldap_relay but I can't add my own attributes. I try several
* I've tried to set up multimaster replication between ldap_relay and a
local ldap server (ldap1). In this config I can update users and add my
own attributes but if someone is deleted from the central ldap, he is
deleted from the "ldap_relay" server and not deleted in the ldap1 server
* I've tried to use translucent overlay between ldap_relay and ldap1 but
the problem is that it's not possible to search local entries with
* I read the config from Oren Laadan (
This seems to be what I need, but I don't really understand how to
If someone can help me to set up this solution with my servers.
Thanks in advance.

Please stay on the list so others can answer and learn as well.
divya shree wrote:
> could u plz elaborate on the solution as I am a starter... I mean is it
> enough if I add the option
> "-h" in the statement
> ldapadd -x -D "cn=Manager,dc=example,dc=net" -W -f example.ldif
> or should i do something more...
Just add -h (or -H if needed). Otherwise the LDAP server is
contacted which is configured in ldap.conf or another local LDAP
client configuration file.

Has anyone used the pcache overlay to proxy a remote server in
addition to using the translucent overlay? The remote server that I
want to use has a daily limit of 200 queries per IP. I want to avoid
setting up another server process just to cache.

I tried to migrate an existing server from 2.3.39 to 2.4.7 (or also CVS
RE24). I'm making use of authz-regexp to map user entries when they do a
SASL Bind with DIGEST-MD5. Also some ACLs are in effect. This together
used to work on 2.3.x with the existing ACLs.
With 2.4.7 this worked no longer. The user wasn't found. In the ACL
debug log I've noticed that access to the search root database entry
(suffix) is requested. When I explicitly grant auth access to this entry
it works. But why is that needed? Was this an intended change?

I am doing the following steps in order to authenticate the user in my C program
using the OpenLDAP API:
1. ldap init
2. ldap set option to version3
3. search the user using ldap_search_st to get the user DN
4. ldap simple bind with user-DN and password
Now I want to use referral chasing feature.
For above program ldap search at step 3 returns NULL if user is not
Therefore, I added rebindproc function to search the user-DN on other server
The program is changed to:
1. ldap init server1
2. ldap set option to version3
3. ldap set option to rebindproc function
4. search the user using ldap_search_st to get the user DN
5. ldap simple bind with user-DN and password
In rebindproc, I am binding with root credentials and parsing referral URL
to get the base DN.
Here, I got the user-DN from the referred server (server 2) in step 4.
However, ldap simple bind at step 5 fails saying invalid credentials.
It is correct, since the user is not present on server1.
Is there anything more I need to do, so that ldap_simple bind will happen
with referral server (server2).
What API shall I use to bind the user-DN to referral server?
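
Added example, not part of the original post: the bind in step 5 goes to the server the handle was initialised with, so binding as the user on server2 needs a handle opened against the host named in the referral. The plain C code below (no libldap; `struct referral`, `parse_referral` and the `trusted_hosts` allowlist are assumptions made for illustration) splits a referral URL into host, port and base DN, and rejects hosts that are not allowlisted, because that bind sends the user's password to whatever host the referral names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

struct referral { char host[256]; int port; int tls; char base[512]; };
/* Constructed allowlist (hypothetical): hosts a user password may be sent to. */
static const char *trusted_hosts[] = { "server2.example.net", NULL };
/* Splits ldap[s]://host[:port]/baseDN[?...]. Returns 0 if well formed and trusted,
 * -1 if malformed (empty host and IPv6 literals included), -2 if not allowlisted. */
int parse_referral(const char *url, struct referral *r)
{
    const char *p, *slash, *colon;
    size_t hlen, n = 0;
    unsigned v = 0;
    memset(r, 0, sizeof *r);
    r->tls = strncasecmp(url, "ldaps://", 8) == 0;
    if (!r->tls && strncasecmp(url, "ldap://", 7) != 0) return -1;
    p = url + (r->tls ? 8 : 7);
    r->port = r->tls ? 636 : 389;              /* scheme default ports */
    slash = p + strcspn(p, "/");               /* end of host[:port] */
    colon = memchr(p, ':', (size_t)(slash - p));
    hlen = (size_t)((colon ? colon : slash) - p);
    if (hlen == 0 || hlen >= sizeof r->host) return -1;
    memcpy(r->host, p, hlen);
    if (colon) {
        char *end;
        long port = strtol(colon + 1, &end, 10);
        if (end != slash || port < 1 || port > 65535) return -1;
        r->port = (int)port;
    }
    for (p = *slash ? slash + 1 : slash; *p && *p != '?'; p++) {
        if (n + 1 >= sizeof r->base) return -1;
        if (*p != '%') { r->base[n++] = *p; continue; }
        if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2])) return -1;
        sscanf(p + 1, "%2x", &v);              /* two hex digits checked above */
        if (v == 0) return -1;                 /* no embedded NUL in the DN */
        r->base[n++] = (char)v;
        p += 2;
    }
    for (n = 0; trusted_hosts[n]; n++)
        if (strcasecmp(r->host, trusted_hosts[n]) == 0) return 0;
    return -2;                                 /* parsed, but do not bind there */
}

int main(void) {                               /* constructed referral URL */
    struct referral r;
    int rc = parse_referral("ldap://server2.example.net/dc=example,dc=net", &r);
    return printf("rc=%d %s:%d base=%s\n", rc, r.host, r.port, r.base) < 0;
}
```

Only on a return of 0 would the caller open a second handle to `host:port` and send the user's bind there; libldap also provides `ldap_url_parse()` for the parsing part.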