Hi,
I can't get SASL/EXTERNAL (client-certificate) authentication working through the chain overlay [1], but the same certificate and key work fine with syncrepl [2]. I must be missing something — please help.
# ldapsearch -x -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL

(EXTERNAL is advertised, so the mechanism itself is available. Unrelated to the chain problem: this query ran without -ZZ, and PLAIN/LOGIN are advertised on that plaintext listener — if those mechanisms are not needed, consider restricting them with sasl-secprops or requiring a minimum ssf.)
$ ldapwhoami -ZZ
SASL/EXTERNAL authentication started
SASL username: cn=replicator,ou=ou,o=o,l=l,st=s,c=c
SASL SSF: 0
dn:cn=replicator,ou=dsa,dc=server,dc=group

("SASL SSF: 0" is expected for EXTERNAL: the mechanism has no security layer of its own; confidentiality comes from the TLS session started by -ZZ. The certificate subject is being rewritten into ou=dsa, so the authz-regexp mapping itself works for a direct bind.)
slapd.conf:
TLSCACertificateFile /etc/ssl/certs/mgoc-cacert.pem
TLSCertificateFile /etc/ldap/ssl/server-cert.pem
TLSCertificateKeyFile /etc/ldap/ssl/server-key.pem
TLSVerifyClient try

(Per slapd.conf(5), `try` requests a client certificate but lets the session continue if none is presented or if the one presented does not validate; an unusable certificate therefore shows up later as an EXTERNAL bind with no identity rather than as a TLS handshake failure. When the chain bind fails, check the provider's log for an ignored/rejected client certificate before looking at the authz configuration.)
authz-policy from
authz-regexp "^cn=([^,]+),.*" "cn=$1,ou=dsa,dc=moldex,dc=group"

(Two things to check here. First, this regexp maps to dc=moldex,dc=group while the ldapwhoami output above shows dc=server,dc=group — presumably an anonymisation slip, but make sure the regexp actually in effect targets the same suffix as the chain/syncrepl configuration. Second, the pattern is broad: any certificate issued by the configured CA whose subject starts with cn= is mapped into ou=dsa and gets a DSA identity; anchoring the remainder of the subject to the expected issuer/OU, e.g. "^cn=([^,]+),ou=ou,o=o,l=l,st=s,c=c$", limits that to the certificates you intend. Note also that `authz-policy from` governs proxy authorization, which the chain overlay uses and syncrepl does not — see the note under [1].)
[1]
# chain-uri is ldaps:// (port 636) whereas the working syncrepl uses ldap://
# plus StartTLS; confirm the provider actually listens on ldaps:/// and that
# "server.group" matches the server certificate's subject/SAN, since
# tls_reqcert=demand (correctly) enforces that check.
# With saslmech=EXTERNAL the authenticated identity is the certificate subject
# after authz-regexp, so binddn="cn=whatever" plays no role.
# mode=self sends each chased operation as the *local client's* identity via
# proxy authorization on top of the replicator bind — this is where chaining
# differs from syncrepl. The remote server must allow
# cn=replicator,ou=dsa,... to assume that identity: with `authz-policy from`
# that is an authzFrom value on each asserted entry (or switch to
# `authz-policy to` and put authzTo on the replicator entry).
# chain-idassert-authzFrom "*" only controls which local identities may be
# asserted and is very permissive; narrow it once chaining works.
overlay chain
chain-uri "ldaps://server.group"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=sasl
    saslmech=EXTERNAL
    binddn="cn=whatever"
    tls_cert=/etc/ldap/ssl/replicator-cert.pem
    tls_key=/etc/ldap/ssl/replicator-key.pem
    tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
    tls_reqcert=demand
    mode=self
chain-idassert-authzFrom "*"
chain-return-error TRUE
[2]
# tls_reqcert=allow does not verify the provider's certificate, so this
# consumer will replicate from — and present its client certificate to — any
# server answering as server.group; use tls_reqcert=demand together with
# tls_cacert=/etc/ssl/certs/mgoc-cacert.pem as in [1]. Likewise
# starttls=yes falls back to plaintext if StartTLS fails; starttls=critical
# makes the failure fatal, which is what you want for a replication channel.
syncrepl rid=245
    provider=ldap://server.group
    type=refreshAndPersist
    searchbase="dc=server,dc=group"
    filter="(objectClass=*)"
    scope=sub
    schemachecking=off
    bindmethod=sasl
    saslmech=EXTERNAL
    starttls=yes
    tls_cert=/etc/ldap/ssl/replicator-cert.pem
    tls_key=/etc/ldap/ssl/replicator-key.pem
    tls_reqcert=allow
    retry="10 20 60 +"
    logbase="cn=accesslog"
    logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
    syncdata=accesslog
--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa