Using back-ldap as a dumb proxy - openldap-software

21 Feb 2007


      I'm trying to set up a very simply slapd that takes incoming requests 
locally, and forwards them on to a remote server using SASL/GSSAPI to get 
the information, so that a internal app that doesn't understand SASL/GSSAPI 
can get the information it needs.
I'm trying to configure back-ldap thusly:
# /etc/ldap/slapd.conf -- LDAP proxy slapd configuration file.
# $Id$
# Global Options
modulepath       /usr/lib/ldap
moduleload       back_ldap.la
readonly on
access to *
        by * read
# LDAP Proxy Options
database        ldap
suffix          "dc=stanford,dc=edu"
uri             "ldap://ldap-test1.stanford.edu/"
idassert-bind   bindmethod=sasl saslmech=GSSAPI
protocol-version 3
but it keeps complaining that the DN for the suffix is invalid.  I see 
nothing wrong with this suffix.
line 17 (suffix         "dc=stanford,dc=edu")
...
...
...
dnPrettyNormal: <dc=stanford,dc=edu>
=> ldap_bv2dn(dc=stanford,dc=edu,0)
<= ldap_bv2dn(dc=stanford,dc=edu)=0
ldap_err2string
/etc/ldap/slapd.conf: line 17: <suffix> invalid DN 21 (Invalid syntax)
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html