DePriest, Jason R. wrote:
I am a complete newbie with OpenLDAP. I have worked with Windows NT Domains and Active Directory for a long time. I've also worked with Microsoft ADAM and CA's eTrust Admin Directory.
However, I am having trouble getting OpenLDAP to perform what I think are basic functions.
I have a Debian GNU/Linux Etch system with a 2.6.18 kernel.
slapd reports a version of 2.3.30.
slapd-ldap(5) saw some significant enhancement around 2.3.34 or so; I'd recommend updating to the latest (2.3.37 right now).
I have slapd running and I am able to authenticate with the local admin account.
What I want is for it to take requests for domain.com, ask the real domain.com LDAP server (Active Directory) to handle it, then provide the answer to the client.
I want to have an OpenLDAP server in my DMZ proxy connections to my internal network without actually storing any account information locally (except for the local admin).
I think this is the relevant configuration information (comments removed):

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload back_ldap
moduleload rwm
sizelimit 500
tool-threads 1
backend bdb
checkpoint 512 30
database ldap
lastmod off
^^^ not needed
uri "ldap://server.domain.com"
map attribute uid sAMAccountName
map attribute cn name
map attribute mail userPrincipalName
map objectclass account user
map attribute *
idassert-bind bindmethod=simple binddn="cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com" credentials="<password>" method=self
chase-referrals yes
^^^ this might give undesired effects; only activate if strictly required, and after careful testing.
database bdb
suffix "dc=domain,dc=com"
rootdn "cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
        by anonymous auth
        by self write
        by * none
access to dn.base=""
        by * read
access to *
        by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
        by * read
Running this with:

slapd -g openldap -u openldap -d 16383

gives a few errors such as:

line 44 (checkpoint 512 30)
/etc/ldap/slapd.conf: line 44: unknown directive <checkpoint> inside backend database definition (ignored).

and

/etc/ldap/slapd.conf: line 51: rewrite/remap capabilities have been moved to the "rwm" overlay; see slapo-rwm(5) for details (hint: add "overlay rwm" and prefix all directives with "rwm-").
Adding the requested overlay line and changing the map to rwm-map doesn't help. I may be adding it in the wrong place. I always get:

line 31 (overlay rwm)
overlay "rwm" not found
/etc/ldap/slapd.conf: line 31: <overlay> handler exited with 1!
with the line number obviously different for the different places I've tried it.
Yet, the rwm files are right where they should be:

root@ebizsrvb:/etc/ldap# ls -l /usr/lib/ldap/rwm*
lrwxrwxrwx 1 root root    17 2007-04-16 12:18 /usr/lib/ldap/rwm-2.3.so.0 -> rwm-2.3.so.0.2.18
-rw-r--r-- 1 root root 33020 2007-03-08 23:45 /usr/lib/ldap/rwm-2.3.so.0.2.18
-rw-r--r-- 1 root root   891 2007-03-08 23:45 /usr/lib/ldap/rwm.la
lrwxrwxrwx 1 root root    17 2007-04-16 12:18 /usr/lib/ldap/rwm.so -> rwm-2.3.so.0.2.18
Please tell me what simple step I am messing up?
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
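For reference, here is the quoted slapd.conf laid out the way the two error hints describe (the overlay after the database it applies to, "rwm-" prefixes, "checkpoint" under the bdb database); this is an added example, not the poster's or the list's own file. <USER>, <CONTAINER>, <password> and server.domain.com are the poster's placeholders; dc=<LOCAL> is an assumed placeholder for a separate local suffix, and mode=self is the slapd-ldap(5) spelling of what the poster wrote as method=self.

```conf
# Added example: the quoted slapd.conf restructured so slapd 2.3 accepts it.
# <USER>, <CONTAINER>, <password>, server.domain.com are the poster's
# placeholders; dc=<LOCAL> is an assumed placeholder for the local suffix.
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_ldap
moduleload      rwm
sizelimit       500

# Proxy database: requests under dc=domain,dc=com are forwarded to AD.
database        ldap
suffix          "dc=domain,dc=com"
uri             "ldap://server.domain.com"
# slapd binds to AD with this account on the client's behalf. The password is
# clear text, so slapd.conf must be readable only by the user slapd runs as.
idassert-bind   bindmethod=simple
                binddn="cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
                credentials="<password>"
                mode=self
# Left disabled, as the reply advises, until tested.
#chase-referrals yes

# The overlay goes after the database it applies to; "map" became "rwm-map".
overlay         rwm
rwm-map         attribute   uid     sAMAccountName
rwm-map         attribute   cn      name
rwm-map         attribute   mail    userPrincipalName
rwm-map         objectclass account user
# poster's wildcard entry, kept as written
rwm-map         attribute   *

# Local database for the admin entry only; its suffix must not overlap the
# proxied tree. "checkpoint" is a database directive, hence ignored under
# "backend bdb" in the original.
database        bdb
suffix          "dc=<LOCAL>"
rootdn          "cn=admin,dc=<LOCAL>"
directory       "/var/lib/ldap"
checkpoint      512 30
index           objectClass eq
access to attrs=userPassword by self write by anonymous auth by * none
access to * by * read
```

Check it with slaptest -u -f /etc/ldap/slapd.conf before restarting slapd; with slapd.conf holding the AD bind password, the file should be owned by and readable only by the openldap user.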