Re: successful ldapsearch -- need to turn it into a working slapd configuration for an LDAP proxy

DePriest, Jason R. wrote:

I can run ldapsearch from my OpenLDAP server and successfully query a remote LDAP server.

My command-line looks like this (broken into lines for readability): ldapsearch -u -v -x -D 'cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com' -w '<password>' -H 'ldap://server.subdomain.domain.com' -b 'ou=Department,dc=subdomain,dc=domain,dc=com' -s one -P 3 '(&(objectCategory=person)(objectClass=user)(cn=DeP*))' +

It returns: # extended LDIF # # LDAPv3 # base <ou=Data Security,dc=subdomain,dc=domain,dc=com> with scope subtree # filter: (&(objectCategory=person)(objectClass=user)(cn=DeP*)) # requesting: + #

# DePriest\2C Jason R., Department, subdomain.domain.com dn: CN=DePriest, Jason R.,OU=Department,DC=subdomain,DC=domain,DC=com ufn: DePriest\2C Jason R., Department, subdomain.domain.com

# search result search: 2 result: 0 Success

# numResponses: 2 # numEntries: 1

Hey, look! It found me!

I have tried using the ldap backend, but I'm leaning toward using the meta backend now.

I cannot seem to figure out how to take the successful ldapsearch and turn it into a configuration that will proxy requests to the remote server.

database meta suffix "ou=Data Security,dc=subdomain,dc=domain,dc=com"

uri "ldap://server.subdomain.domain.com/ou=Data Security,dc=subdomain,dc=domain,dc=com" protocol-version 3 idassert-bind bindmethod=simple binddn="cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com" credentials="<password>" mode=self flags=non-prescriptive

I have what I think looks good, but I get an error while trying to do a query and it crashes with this: slapd: symbol lookup error: /usr/lib/ldap/back_meta-2.3.so.0: undefined symbol: ldap_back_proxy_authz_ctrl

You need to load back_ldap.la as well, as it provides the missing symbol.

p.

Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------