Dieter Kluenter wrote:
Christian Roessnerchristian@roessner-net.com writes:
Hi Dieter,
This depends :-) But in most cases the overlays are an extension to a specific database declaration
Ok, I have added it to the htb-part:
DN: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config objectClass: olcChainConfig objectClass: olcConfig objectClass: olcOverlayConfig objectClass: top olcOverlay: {0}chain
overlay chain chain-uri ldap://foo/ chain-idassert-bind bindmethod=simple binddn="..." credentials="..." mode=self flags=non-prescriptive chain-rebind-as-user true chain-return-error true
My problem is that I can not find the corresponding old-attributes. I only could set:
olcChainCacheURI olcChainMaxReferralDepth olcChainReturnError olcChainingBehavior
So, what have I done wrong?
There is nothing wrong. The chain overlay is derived from back-ldap, that is, only attributes unknown to back-ldap, are specific to chain overlay. ldapsearch [-Y external -H ldapi:///]-b "cn=subschema" -s base + | grep -A4 'olcLDAPConfig' will show the missing attributes. But as man slapo-chain(5) mentions, an extension of chain- will distinguish from other configuration parameters. If this applies to cn=config related attributes I don't know, as I don't have a chained replication setup. Others may answer to this.
Under the covers, the chain overlay creates a private back-ldap instance. For dynamically adding with cn=config, you have to create this instance yourself. See the later section of test022-ppolicy in the test suite for an example of how this is done.