I have spent the last week off and on trying to figure out why my chain overlay was not working correctly.  I tried all combinations of it that I could find and finally found out that the parser of the slapd.conf file is picky about spacing.  I was trying to make my config file look nice by indenting the options under "overlay chain" only to find after many frustrating hours that you cannot do that!  I didn't find anywhere that that was explicitly documented (even though all of the examples were not formatted that way).  I finally caught it when I upgraded to 2.4.7 wondering if there was a bug and slaptest gave a very unhelpful error, but it did help me narrow it down.  Hopefully this will save someone my same frustrations.

 

Incorrect way:

overlay                 chain

                                chain-uri                              "ldap://host"

                                chain-rebind-as-user      TRUE

                                chain-idassert-bind         bindmethod="simple" binddn="binduser" credentials="secret" mode="self"

                                chain-return-error           TRUE

 

 

Correct way:

overlay                                 chain

chain-uri                              "ldap://host"

chain-rebind-as-user      TRUE

chain-idassert-bind         bindmethod="simple" binddn="binduser" credentials="secret" mode="self"

chain-return-error           TRUE

 

 

Justin