OK, a couple more quick questions, as I'm reading further through the man pages...
(1) Do I need to set up a root DN for the server since it's only a passthrough anyway?
(2) I suspect I'm missing something, but I'd like to block any incoming LDAP connections not from a specific host (most likely localhost). I couldn't really tell how to do this from the ldap.access page.
(3) I haven't gotten far enough to know for sure, since LDAP requires that the schema be published (at least, according to LDAP Directories Explained, by T Howes), can I have OpenLDAP use the published schema from the server it's connecting to, and not worry about setting up a local schema?
Thank you, -Jim Stapleton
----- Original Message -----
From: "Pierangelo Masarati" ando@sys-net.it
To: "S James S Stapleton" stapleton.41@osu.edu
Cc: openldap-software@openldap.org
Sent: Thursday, May 17, 2007 3:05 PM
Subject: Re: using openldap as a translation layer.
S James S Stapleton wrote:
Mine would definitely be the second method you described (I don't know what the main LDAP server is running, and I can't touch its settings even if I knew)
OK.
The given instructions (copied below) go in the slapd.config, and everything else therein is removed?
Not everything. Let's say what's below is the minimal database setup to have a working proxy, but you'll need to load the schema at least, and add little more configuration before getting to the database section.
If you start from the example slapd.conf provided with OpenLDAP, you'd have to replace everything from "database bdb" on with the suggested directives. Then, you'll probably have to deal with security, e.g. using TLS to protect simple bind and so on. Make sure you read the Admin Guide and the related man pages for those rather generic tasks.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
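The following slapd.conf is an added illustration of the layout Pierangelo describes above (schema loaded first, then everything from "database bdb" onward replaced by back-ldap directives, then TLS and access control). It is not from the thread, from the OpenLDAP distribution or from the OpenLDAP Admin Guide; the remote URI, the suffix, the certificate paths and the loopback-only ACL are assumptions chosen for the example, and no rootdn is set because the thread does not say one is required for a pass-through proxy.

```conf
# Added example slapd.conf for a back-ldap pass-through proxy (not from the thread).
# Per the reply above, the schema is loaded before the database section.
# Add further schema files (cosine, inetorgperson, ...) if the proxied data needs them.
include         /etc/openldap/schema/core.schema

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# --- Everything from here on replaces the "database bdb" section of the stock example ---
database        ldap
# Assumed remote directory; replace with the real server the proxy forwards to.
uri             ldap://directory.example.com/
# Assumed naming context the proxy answers for; clients search under this suffix.
suffix          "dc=example,dc=com"

# Only clients connecting from the loopback address get to read proxied entries;
# every other peer is denied (the "by * none" clause makes the default explicit).
access to *
        by peername.ip=127.0.0.1 read
        by * none

# TLS material so simple binds are not sent in the clear (assumed paths).
TLSCACertificateFile    /etc/openldap/certs/ca.pem
TLSCertificateFile      /etc/openldap/certs/proxy.pem
TLSCertificateKeyFile   /etc/openldap/certs/proxy-key.pem
# Refuse simple binds unless the session already has at least 128 bits of protection.
security        simple_bind=128
```

Two caveats for anyone adapting this. The `peername.ip` ACL controls what a connected client may see; it does not stop the TCP connection itself, so a remote host can still bind and be forwarded to the back end. To refuse non-local connections outright, bind the listener to loopback when starting the daemon (`slapd -h ldap://127.0.0.1/`) or block the port at the host firewall. Second, the `security simple_bind=128` line means plain `ldap://` clients that try to bind without first negotiating StartTLS will be rejected, which is the intended outcome of the TLS advice in the reply but is a common source of "confidentiality required" errors on first setup.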