I can run ldapsearch from my OpenLDAP server and successfully query a remote LDAP server.
My command-line looks like this (broken into lines for readability):

    ldapsearch -u -v -x \
        -D 'cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com' \
        -w '<password>' \
        -H 'ldap://server.subdomain.domain.com' \
        -b 'ou=Department,dc=subdomain,dc=domain,dc=com' \
        -s one -P 3 \
        '(&(objectCategory=person)(objectClass=user)(cn=DeP*))' +

It returns:

    # extended LDIF
    #
    # LDAPv3
    # base <ou=Data Security,dc=subdomain,dc=domain,dc=com> with scope subtree
    # filter: (&(objectCategory=person)(objectClass=user)(cn=DeP*))
    # requesting: +
    #

    # DePriest\2C Jason R., Department, subdomain.domain.com
    dn: CN=DePriest, Jason R.,OU=Department,DC=subdomain,DC=domain,DC=com
    ufn: DePriest\2C Jason R., Department, subdomain.domain.com

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1
Hey, look! It found me!
I have tried using the ldap backend, but I'm leaning toward using the meta backend now.
I cannot seem to figure out how to take the successful ldapsearch and turn it into a configuration that will proxy requests to the remote server.
I have what I think looks good, but I get an error while trying to do a query and it crashes with this:

    slapd: symbol lookup error: /usr/lib/ldap/back_meta-2.3.so.0: undefined symbol: ldap_back_proxy_authz_ctrl
I am running OpenLDAP 2.3.35 on a 2.6.21 kernel Debian GNU/Linux system.
I hate to post the entire gigantic debug log or the entire config when I don't really know what parts are important to you. Let me know if you need more information.
Thanks!
-Jason
DePriest, Jason R. wrote:
> database meta
> suffix "ou=Data Security,dc=subdomain,dc=domain,dc=com"
>
> uri "ldap://server.subdomain.domain.com/ou=Data Security,dc=subdomain,dc=domain,dc=com"
> protocol-version 3
> idassert-bind bindmethod=simple
>     binddn="cn=LDAP-proxy,ou=Service Accounts,dc=subdomain,dc=domain,dc=com"
>     credentials="<password>"
>     mode=self
>     flags=non-prescriptive
>
> I have what I think looks good, but I get an error while trying to do a query and it crashes with this:
> slapd: symbol lookup error: /usr/lib/ldap/back_meta-2.3.so.0: undefined symbol: ldap_back_proxy_authz_ctrl
You need to load back_ldap.la as well, as it provides the missing symbol.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
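
A quick check for the missing-module condition described in the reply above, as an added example (not code from the thread or from the OpenLDAP project): the hypothetical shell function `check_meta_modules` scans a slapd.conf and reports when back_meta is loaded as a module with no `moduleload` for back_ldap. It assumes both backends are built as modules and that all `moduleload` lines are in the one file rather than in includes.

```sh
# check_meta_modules FILE (hypothetical helper, added example)
# Returns 0 if the module set is consistent, 1 if back_meta is loaded
# without back_ldap, 2 if FILE cannot be read.
check_meta_modules() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read: $conf"; return 2; }
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        tolower($1) == "moduleload" {
            m = $2
            gsub(/"/, "", m)                  # tolerate a quoted argument
            sub(/^.*\//, "", m)               # drop a leading directory
            sub(/\.(la|so)$/, "", m)          # back_ldap.la -> back_ldap
            loaded[m] = NR                    # remember where it was loaded
        }
        END {
            if (!("back_meta" in loaded)) {
                print "ok: back_meta is not loaded as a module"; exit 0
            }
            if ("back_ldap" in loaded) {
                print "ok: back_ldap and back_meta are both loaded"; exit 0
            }
            printf "missing: line %d loads back_meta but nothing loads back_ldap\n", loaded["back_meta"]
            exit 1
        }
    ' "$conf"
}

# Constructed sample: the module list from the thread before the fix.
sample=$(mktemp)
printf '%s\n' '# constructed slapd.conf fragment' \
    'moduleload back_bdb' 'moduleload back_meta' > "$sample"
check_meta_modules "$sample" || echo "exit status: $?"
rm -f "$sample"
```
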
On 8/22/07, Pierangelo Masarati <> wrote:
> You need to load back_ldap.la as well, as it provides the missing symbol.
I have added

    moduleload back_ldap

along with those I already had

    moduleload back_bdb
    moduleload back_meta

and made your other suggested changes.

I get an error trying to start the slapd daemon.

    line 82 (idassert-bind ***)
    slapd: symbol lookup error: /usr/lib/ldap/back_meta-2.3.so.0: undefined symbol: slap_idassert_parse_cf
DePriest, Jason R. wrote:
> I have added
> moduleload back_ldap
> along with those I already had
> moduleload back_bdb
> moduleload back_meta
>
> and made your other suggested changes.
>
> I get an error trying to start the slapd daemon.
>
> line 82 (idassert-bind ***)
> slapd: symbol lookup error: /usr/lib/ldap/back_meta-2.3.so.0: undefined symbol: slap_idassert_parse_cf
No clue: that symbol is also in back_ldap.la. I suggest you build OpenLDAP yourself, the package you're using might be broken.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
On 8/23/07, Pierangelo Masarati <> wrote:
> No clue: that symbol is also in back_ldap.la. I suggest you build OpenLDAP yourself, the package you're using might be broken.
I rolled my own OpenLDAP using the 2.3.38 source making sure to include meta and ldap backends.
It comes all the way up and doesn't crash when I run a query. However, it does give me these.
00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
conn=0 op=4 meta_back_search[0] match="" err=1 (Operations error).
ldap_read: want=8 error=Resource temporarily unavailable
DePriest, Jason R. wrote:
> I rolled my own OpenLDAP using the 2.3.38 source making sure to include meta and ldap backends.
cool...
> It comes all the way up and doesn't crash when I run a query.
... almost there...
> However, it does give me these.
> 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
This has nothing to do with OpenLDAP software.
> conn=0 op=4 meta_back_search[0] match="" err=1 (Operations error).
> ldap_read: want=8 error=Resource temporarily unavailable
Apparently your (non-OpenLDAP) application performed some invalid operation. Unfortunately you don't provide any clue about what operation, and my crystal ball is out for maintenance right now.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
openldap-software@openldap.org