Hi list!
i have several consumer and one provider (lets call them ldapconX and ldapprov). syncrepl works fine, but i actually do not want any clients to contact the provider directly (and i have in addition some clients which would not understand referrals anyway), so reading through the admin guide and man pages i thought slapo-chain would be the solution! (correct me if i am wrong ;-)) But somehow a can not get it working...
the slapd.conf of the provider is untouched, the consumer have (simplified in some places; please tell me if you need it in more details):
----- /etc/openldap/slapd.conf # consumer include ... acls ... databse bdb suffix ... rootdn "cn=manager,o=test" rootpw xxx index ... overlay smbk5pwd syncrepl ... updateref ldaps://ldapprov overlay chain chain-rebind-as-user FALSE chain-uri "ldaps://ldapprov" chain-rebind-as-user TRUE chain-idassert-bind bindmethod="simple" binddn="cn=manager,o=test" credentials="secret" mode="self" ---- end of slapd.conf
but when trying to change the password via ldappasswd i get:
ldappasswd -x -h localhost <...> New password: Re-enter new password: Enter LDAP Password: Result: Referral (10) Referral: ldaps://ldapprov
i also tried to remove the line "updateref ...", but then i get: Result: Server is unwilling to perform (53) Additional info: shadow context; no update referral
i also read different postings and the man pages but maybe overlooked or did not understand something.
what am i am doing wrong? or do i missunderstand some conceptual basics?
thanks in advance for any hints!
regards markus
+-----------------------------------------------------------------+ | Markus Krause, Mogli-Soft | | Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL | | by order of the | | Computing Center of the Max-Planck-Institute of Biochemistry | +--------------------------------+--------------------------------+ | E-Mail: krause@biochem.mpg.de | Tel.: 089 - 89 40 85 99 | | markus.krause@mac.com | Fax.: 089 - 89 40 85 98 | | Skype: markus.krause | iChat: markus.krause@mac.com | +--------------------------------+--------------------------------+
---------------------------------------------------------------------- This message was sent using https://webmail2.biochem.mpg.de If you encounter any problems please report to rz-linux@biochem.mpg.de