Hi to all, I'm testing the backend ldap in order to make a proxy for an existing OpenLDAP instance (call it REAL). As stated in the manual, the ldap database is like a proxy. After configuring the "proxy" LDAP server (call it PROXY) I'm able to read the real content of REAL from PROXY, so the proxing is working well, but when I try to modify something on PROXY, instead of doing the change on REAL, OpenLDAP gives me this error:
ldap_chase_referrals read1msg: V2 referral chased, mark request completed, id = 7 new result: res_errno: 8, res_error: <modifications require authentication>, res_matched: <> read1msg: 0 new referrals read1msg: mark request completed, id = 7 request 7 done res_errno: 8, res_error: <modifications require authentication>, res_matched: <>
Following the documentation I configured the PROXY server, so this is the main configuration in slapd.conf of PROXY:
database ldap uri "ldap://localhost:389" bindmethod=simple binddn="cn=root,o=Test,c=IT" credentials="password"
suffix "o=Test,c=IT" rootdn "cn=root,o=Test,c=IT" rootpw password
I've not touched the REAL slapd.conf.
Where am I wrong ?
database ldap uri "ldap://localhost:389" bindmethod=simple binddn="cn=root,o=Test,c=IT" credentials="password"
^^^ this is not a valid slapd-ldap(5) configuration; use slaptest -d config to find out what is wrong, and check slapd-ldap(5) for valid directives.
The fact that lookups work while writes don't, indicating that authentication is required sounds like your client is not binding.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
Yes, I've read the slapd-ldap(5) and I've changed the slapd.conf in:
database ldap uri "ldap://localhost:389"
acl-bind bindmethod=simple binddn="cn=root,o=Test,c=IT" credentials="password"
however I think I have an old version of OpenLDAP, it is a Windows version that states this:
$OpenLDAP: slapd 2.2.29 (Oct 21 2005 16:01:14) $
It can also be a problem with the client (Softerra LDAP Administrator), because it acts in the same manner also as using anonymous binding. So I suspect this is the problem. I'll make some testing with another client. Thanks for now
On 8/28/07, Pierangelo Masarati ando@sys-net.it wrote:
database ldap uri "ldap://localhost:389" bindmethod=simple binddn="cn=root,o=Test,c=IT" credentials="password"
^^^ this is not a valid slapd-ldap(5) configuration; use slaptest -d config to find out what is wrong, and check slapd-ldap(5) for valid directives.
The fact that lookups work while writes don't, indicating that authentication is required sounds like your client is not binding.
openldap-software@openldap.org
-
Diego de Felice -
Pierangelo Masarati