I have spent the last week off and on trying to figure out why my chain overlay was not working correctly. I tried all combinations of it that I could find and finally found out that the parser of the slapd.conf file is picky about spacing. I was trying to make my config file look nice by indenting the options under "overlay chain" only to find after many frustrating hours that you cannot do that! I didn't find anywhere that that was explicitly documented (even though all of the examples were not formatted that way). I finally caught it when I upgraded to 2.4.7 wondering if there was a bug and slaptest gave a very unhelpful error, but it did help me narrow it down. Hopefully this will save someone my same frustrations.
Incorrect way:
overlay chain
    chain-uri "ldap://host"
    chain-rebind-as-user TRUE
    chain-idassert-bind bindmethod="simple" binddn="binduser" credentials="secret" mode="self"
    chain-return-error TRUE
Correct way:
overlay chain
chain-uri "ldap://host"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple" binddn="binduser" credentials="secret" mode="self"
chain-return-error TRUE
Justin
Justin Lambert wrote:
I have spent the last week off and on trying to figure out why my chain overlay was not working correctly. I tried all combinations of it that I could find and finally found out that the parser of the slapd.conf file is picky about spacing. I was trying to make my config file look nice by indenting the options under "overlay chain" only to find after many frustrating hours that you cannot do that! I didn't find anywhere that that was explicitly documented (even though all of the examples were not formatted that way).
Apparently you haven't read the slapd.conf(5) manpage:
If a line begins with white space, it is considered a continuation of the previous line. No physical line should be over 2000 bytes long.
On Thu, 20 Dec 2007, Justin Lambert wrote:
I have spent the last week off and on trying to figure out why my chain overlay was not working correctly. I tried all combinations of it that I could find and finally found out that the parser of the slapd.conf file is picky about spacing. I was trying to make my config file look nice by indenting the options under "overlay chain" only to find after many frustrating hours that you cannot do that! I didn't find anywhere that that was explicitly documented (even though all of the examples were not formatted that way). I finally caught it when I upgraded to 2.4.7 wondering if there was a bug and slaptest gave a very unhelpful error, but it did help me narrow it down. Hopefully this will save someone my same frustrations.
man slapd.conf:
If a line begins with white space, it is considered a continuation of the previous line. Blank lines and comment lines beginning with a `#' character are ignored. Note: continuation lines are unwrapped before comment processing is applied.
My problem was that I didn't read the slapd.conf man page top to bottom. I already knew how to set a directory and was only looking for information on syncrepl and chain since those things were new to me. I'm not trying to insult the openldap documentation, I just made a mistake and the information I needed (or should have known) just wasn't provided where I was looking. I sent this out mostly so that if someone else is having the same problem a search will pick up my message and help them out rather than having to ask and getting told to RTFM. I thought I had, evidently just not the right manual.
jl
-----Original Message-----
From: openldap-software-bounces+jlambert=ften.com@OpenLDAP.org [mailto:openldap-software-bounces+jlambert=ften.com@OpenLDAP.org] On Behalf Of Dave Horsfall
Sent: Thursday, December 20, 2007 5:16 PM
To: OpenLDAP Software List
Subject: Re: Overlay chain formatting
On Thu, 20 Dec 2007, Justin Lambert wrote:
I have spent the last week off and on trying to figure out why my chain overlay was not working correctly. I tried all combinations of it that I could find and finally found out that the parser of the slapd.conf file is picky about spacing. I was trying to make my config file look nice by indenting the options under "overlay chain" only to find after many frustrating hours that you cannot do that! I didn't find anywhere that that was explicitly documented (even though all of the examples were not formatted that way). I finally caught it when I upgraded to 2.4.7 wondering if there was a bug and slaptest gave a very unhelpful error, but it did help me narrow it down. Hopefully this will save someone my same frustrations.
man slapd.conf:
If a line begins with white space, it is considered a continuation of the previous line. Blank lines and comment lines beginning with a `#' character are ignored. Note: continuation lines are unwrapped before comment processing is applied.
Justin Lambert wrote:
I have spent the last week off and on trying to figure out why my chain overlay was not working correctly. I tried all combinations of it that I could find and finally found out that the parser of the slapd.conf file is picky about spacing. I was trying to make my config file look nice by indenting the options under "overlay chain" only to find after many frustrating hours that you cannot do that! I didn't find anywhere that that was explicitly documented (even though all of the examples were not formatted that way). I finally caught it when I upgraded to 2.4.7 wondering if there was a bug and slaptest gave a very unhelpful error, but it did help me narrow it down. Hopefully this will save someone my same frustrations.
Incorrect way:
overlay chain
    chain-uri "ldap://host"
    chain-rebind-as-user TRUE
    chain-idassert-bind bindmethod="simple" binddn="binduser" credentials="secret" mode="self"
    chain-return-error TRUE
Correct way:
overlay chain
chain-uri "ldap://host"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod="simple" binddn="binduser" credentials="secret" mode="self"
chain-return-error TRUE
Justin
This is also the example at:
http://www.openldap.org/doc/admin24/overlays.html#Chaining
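Added example, not part of any message in this thread and not OpenLDAP code: a small Python model of the slapd.conf(5) folding rule quoted above, which reports indented lines that begin with a directive keyword of their own, including the case where such a line is absorbed into a preceding comment. The `DIRECTIVES` set and the three sample configs are constructed from the keywords shown in the thread, and treating white-space-only lines as adding nothing is an assumption.

```python
# Added example: a model of the slapd.conf(5) folding rule, not OpenLDAP code.
# DIRECTIVES holds only the keywords that appear in this thread (assumption).
DIRECTIVES = {"overlay", "chain-uri", "chain-rebind-as-user",
              "chain-idassert-bind", "chain-return-error"}

def unwrap(text):
    """Return [(first_line_no, logical_line, [(line_no, fragment), ...])]."""
    logical = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and logical:
            # Leading white space: continuation of the previous line.
            frag = raw.strip()
            if frag:  # assumption: white-space-only lines add nothing
                start, line, parts = logical[-1]
                logical[-1] = (start, line + " " + frag, parts + [(no, frag)])
        elif raw.strip():
            logical.append((no, raw.strip(), []))
    return logical

def effective(text):
    """Logical lines left once comments are dropped, after unwrapping."""
    return [line for _, line, _ in unwrap(text) if not line.startswith("#")]

def lint(text):
    """Report indented lines that start with a directive keyword of their own."""
    findings = []
    for start, line, parts in unwrap(text):
        fate = "hidden in comment" if line.startswith("#") else "folded into"
        for no, frag in parts:
            keyword = frag.split()[0]
            if keyword in DIRECTIVES:
                findings.append((no, keyword, fate, start))
    return findings

# Constructed samples based on the thread's "incorrect" and "correct" layouts.
INDENTED = 'overlay chain\n  chain-uri "ldap://host"\n  chain-return-error TRUE\n'
FLAT = 'overlay chain\nchain-uri "ldap://host"\nchain-return-error TRUE\n'
COMMENTED = '# referral chaining\n  chain-uri "ldap://host"\n'

if __name__ == "__main__":
    for name, conf in (("indented", INDENTED), ("flat", FLAT), ("commented", COMMENTED)):
        print(name, effective(conf))
        for no, keyword, fate, start in lint(conf):
            print(f"  line {no}: {keyword} {fate} line {start}")
```

Run against a real file by passing its contents to `lint()`; any finding means a directive is not being read as a line of its own.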