Hi all, I have this configuration in the slapd.conf. I want to make the ldap server connect to another LDAP (having a different schema) to serve the request to the sub tree ou=UK_grp,ou=people,dc=AEL,dc=IT.
database ldap overlay rwm suffix "ou=UK_grp,ou=people,dc=AEL,dc=IT" rwm-suffixmassage "ou=UK_grp,ou=people,dc=AEL,dc=IT" "o=UK_grp,dc=RAFFO,dc=ITA" uri "ldap://151.98.181.64/" idassert-bind bindmethod=simple binddn="cn=Manager,dc=RAFFO,dc=ITA" credentials=secret rwm-map objectclass top top rwm-map objectclass organizationalUnit organization rwm-map attribute ou o rwm-map objectclass cmmContact person rwm-map attribute sn sn rwm-map attribute cn cn subordinate
I've to map the back-ldap information on the front-ldap schema.
front-ldap schema: ou=UK_grp (l:UK_grp , ou:UK_grp , objectClass:top , objectClass organizationalUnit ) | |----cn=Raffo (objectClass:MyContact , sn:raffo , cn:raffo) ______________________________ back-ldap schema: o=UK_grp(l:UK_grp, o:UK_grp, objectClass:top , objectClass organization ) | |----cn=Raffo (objectClass:person , sn:raffo , cn:raffo)
Following a part of the log(level 4095) where I can see May 11 10:58:08 linux slapd[6292]: [rw] searchDN: "ou=UK_grp,ou=people,dc=AEL,dc=IT" -> "o=UK_grp,dc=RAFFO,dc=ITA" and May 11 10:58:08 linux slapd[6292]: [rw] searchEntryDN: "o=UK_grp,dc=RAFFO,dc=ITA" -> "ou=UK_grp,ou=people,dc=AEL,dc=IT"
When the front-ldap send a Search Request Scope: base DN=cn=Manager,dc=RAFFO,dc=ITA
get from the back-ldap a Search Entry with: Distinguished Name: o=UK_grp,dc=RAFFO,dc=ITA Attribute: objectClass Value:top Value:organization
but not something about the attribute or object class mapping. I think that the first LDAP doesn't make the mapping of attribute and objectclass.
Can someone help me? Regards Raffo
--------------------------------------------------------------------------------------------------------
May 11 10:58:08 linux slapd[6292]: <= send_search_entry: conn 0 exit. May 11 10:58:08 linux slapd[6292]: send_ldap_result: conn=0 op=2 p=3 May 11 10:58:08 linux slapd[6292]: send_ldap_result: err=0 matched="" text="" May 11 10:58:08 linux slapd[6292]: [rw] searchDN: "ou=UK_grp,ou=people,dc=AEL,dc=IT" -> "o=UK_grp,dc=RAFFO,dc=ITA" May 11 10:58:08 linux slapd[6292]: >>> dnPrettyNormal: <o=UK_grp,dc=RAFFO,dc=ITA> May 11 10:58:08 linux slapd[6292]: <<< dnPrettyNormal: <o=UK_grp,dc=RAFFO,dc=ITA>, <o=uk_grp,dc=raffo,dc=ita> May 11 10:58:08 linux slapd[6292]: str2filter "(objectClass=*)" May 11 10:58:08 linux slapd[6292]: begin get_filter May 11 10:58:08 linux slapd[6292]: PRESENT May 11 10:58:08 linux slapd[6292]: end get_filter 0 May 11 10:58:08 linux slapd[6292]: =>ldap_back_getconn: conn 0x802663d8 inserted refcnt=1 binding=1 May 11 10:58:08 linux slapd[6292]: >>> dnPrettyNormal: <o=UK_grp,dc=RAFFO,dc=ITA> May 11 10:58:08 linux slapd[6292]: <<< dnPrettyNormal: <o=UK_grp,dc=RAFFO,dc=ITA>, <o=uk_grp,dc=raffo,dc=ita> May 11 10:58:08 linux slapd[6292]: [rw] searchEntryDN: "o=UK_grp,dc=RAFFO,dc=ITA" -> "ou=UK_grp,ou=people,dc=AEL,dc=IT" May 11 10:58:08 linux slapd[6292]: >>> dnPrettyNormal: <ou=UK_grp,ou=people,dc=AEL,dc=IT> May 11 10:58:08 linux slapd[6292]: <<< dnPrettyNormal: <ou=UK_grp,ou=people,dc=AEL,dc=IT>, <ou=uk_grp,ou=people,dc=AEL,dc=IT> May 11 10:58:08 linux slapd[6292]: => send_search_entry: conn 0 dn="ou=UK_grp,ou=people,dc=AEL,dc=IT" May 11 10:58:08 linux slapd[6292]: => access_allowed: read access to "ou=UK_grp,ou=people,dc=AEL,dc=IT" "entry" requested May 11 10:58:08 linux slapd[6292]: => dn: [1] May 11 10:58:08 linux slapd[6292]: => dn: [2] cn=subschema May 11 10:58:08 linux slapd[6292]: => acl_get: [5] attr entry May 11 10:58:08 linux slapd[6292]: => acl_mask: access to entry "ou=UK_grp,ou=people,dc=AEL,dc=IT", attr "entry" requested May 11 10:58:08 linux slapd[6292]: => acl_mask: to all values by "cn=manager,dc=AEL,dc=IT", (=0) May 11 10:58:08 linux slapd[6292]: <= check a_dn_pat: * May 11 10:58:08 linux slapd[6292]: <= acl_mask: [1] applying read(=rscxd) (stop) May 11 10:58:08 linux slapd[6292]: <= acl_mask: [1] mask: read(=rscxd) May 11 10:58:08 linux slapd[6292]: => access_allowed: read access granted by read(=rscxd) May 11 10:58:08 linux slapd[6292]: => access_allowed: read access to "ou=UK_grp,ou=people,dc=AEL,dc=IT" "objectClass" requested May 11 10:58:08 linux slapd[6292]: => dn: [1] May 11 10:58:08 linux slapd[6292]: => dn: [2] cn=subschema May 11 10:58:08 linux slapd[6292]: => acl_get: [5] attr objectClass May 11 10:58:08 linux slapd[6292]: access_allowed: no res ITom state (objectClass) May 11 10:58:08 linux slapd[6292]: => acl_mask: access to entry "ou=UK_grp,ou=people,dc=AEL,dc=IT", attr "objectClass" requested May 11 10:58:08 linux slapd[6292]: => acl_mask: to value by "cn=manager,dc=AEL,dc=IT", (=0) May 11 10:58:08 linux slapd[6292]: <= check a_dn_pat: * May 11 10:58:08 linux slapd[6292]: <= acl_mask: [1] applying read(=rscxd) (stop) May 11 10:58:08 linux slapd[6292]: <= acl_mask: [1] mask: read(=rscxd) May 11 10:58:08 linux slapd[6292]: => access_allowed: read access granted by read(=rscxd) May 11 10:58:08 linux slapd[6292]: conn=0 op=2 ENTRY dn="ou=uk_grp,ou=people,dc=AEL,dc=IT" May 11 10:58:08 linux slapd[6292]: <= send_search_entry: conn 0 exit. May 11 10:58:08 linux slapd[6292]: send_ldap_result: conn=0 op=2 p=3 May 11 10:58:08 linux slapd[6292]: send_ldap_result: err=0 matched="" text="" May 11 10:58:08 linux slapd[6292]: send_ldap_result: conn=0 op=2 p=3 May 11 10:58:08 linux slapd[6292]: send_ldap_result: err=0 matched="" text="" May 11 10:58:08 linux slapd[6292]: send_ldap_response: msgid=3 tag=101 err=0 May 11 10:58:08 linux slapd[6292]: conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=4 text= May 11 10:58:09 linux slapd[6292]: daemon: activity on 1 descriptor May 11 10:58:09 linux slapd[6292]: daemon: activity on: May 11 10:58:09 linux slapd[6292]: 12r May 11 10:58:09 linux slapd[6292]: May 11 10:58:09 linux slapd[6292]: daemon: read active on 12 May 11 10:58:09 linux slapd[6292]: connection_get(12) May 11 10:58:09 linux slapd[6292]: connection_get(12): got connid=0 May 11 10:58:09 linux slapd[6292]: connection_read(12): checking for input on id=0 May 11 10:58:09 linux slapd[6292]: ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable) May 11 10:58:09 linux slapd[6292]: daemon: select: listen=7 active_threads=0 tvp=zero May 11 10:58:09 linux slapd[6292]: daemon: select: listen=8 active_threads=0 tvp=zero May 11 10:58:09 linux slapd[6292]: do_search May 11 10:58:09 linux slapd[6292]: >>> dnPrettyNormal: <ou=UK_grp, ou=people, dc=AEL, dc=IT> May 11 10:58:09 linux slapd[6292]: <<< dnPrettyNormal: <ou=UK_grp,ou=people,dc=AEL,dc=IT>, <ou=uk_grp,ou=people,dc=AEL,dc=IT> May 11 10:58:09 linux slapd[6292]: SRCH "ou=UK_grp, ou=people, dc=AEL, dc=IT" 1 3 May 11 10:58:09 linux slapd[6292]: 0 0 0 May 11 10:58:09 linux slapd[6292]: begin get_filter May 11 10:58:09 linux slapd[6292]: PRESENT May 11 10:58:09 linux slapd[6292]: end get_filter 0 May 11 10:58:09 linux slapd[6292]: filter: (objectClass=*) May 11 10:58:09 linux slapd[6292]: attrs: May 11 10:58:09 linux slapd[6292]: objectclass May 11 10:58:09 linux slapd[6292]: May 11 10:58:09 linux slapd[6292]: conn=0 op=3 SRCH base="ou=UK_grp,ou=people,dc=AEL,dc=IT" scope=1 deref=3 filter="(objectClass=*)" May 11 10:58:09 linux slapd[6292]: conn=0 op=3 SRCH attr=objectclass May 11 10:58:09 linux slapd[6292]: => bdb_search May 11 10:58:09 linux slapd[6292]: bdb_dn2entry("ou=uk_grp,ou=people,dc=AEL,dc=IT") May 11 10:58:09 linux slapd[6292]: => bdb_dn2id("ou=uk_grp,ou=people,dc=AEL,dc=IT") May 11 10:58:09 linux slapd[6292]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989) May 11 10:58:09 linux slapd[6292]: send_ldap_result: conn=0 op=3 p=3 May 11 10:58:09 linux slapd[6292]: send_ldap_result: err=10 matched="ou=people,dc=AEL,dc=IT" text="" May 11 10:58:09 linux slapd[6292]: send_ldap_result: conn=0 op=3 p=3 May 11 10:58:09 linux slapd[6292]: send_ldap_result: err=32 matched="ou=people,dc=AEL,dc=IT" text="" May 11 10:58:09 linux slapd[6292]: send_ldap_response: msgid=4 tag=101 err=32 May 11 10:58:09 linux slapd[6292]: conn=0 op=3 SEARCH RESULT tag=101 err=32 nentries=0 text= May 11 10:58:11 linux slapd[6292]: daemon: activity on 1 descriptor May 11 10:58:11 linux slapd[6292]: daemon: activity on: May 11 10:58:11 linux slapd[6292]: 12r May 11 10:58:11 linux slapd[6292]: May 11 10:58:11 linux slapd[6292]: daemon: read active on 12 May 11 10:58:11 linux slapd[6292]: connection_get(12) May 11 10:58:11 linux slapd[6292]: connection_get(12): got connid=0 May 11 10:58:11 linux slapd[6292]: connection_read(12): checking for input on id=0 May 11 10:58:11 linux slapd[6292]: ber_get_next on fd 12 failed errno=0 (Success) May 11 10:58:11 linux slapd[6292]: connection_read(12): input error=-2 id=0, closing. May 11 10:58:11 linux slapd[6292]: connection_closing: readying conn=0 sd=12 for close May 11 10:58:11 linux slapd[6292]: connection_close: deferring conn=0 sd=12 May 11 10:58:11 linux slapd[6292]: daemon: select: listen=7 active_threads=0 tvp=zero May 11 10:58:11 linux slapd[6292]: daemon: select: listen=8 active_threads=0 tvp=zero May 11 10:58:11 linux slapd[6292]: daemon: activity on 1 descriptor May 11 10:58:11 linux slapd[6292]: daemon: activity on: May 11 10:58:11 linux slapd[6292]: May 11 10:58:11 linux slapd[6292]: daemon: select: listen=7 active_threads=0 tvp=zero May 11 10:58:11 linux slapd[6292]: daemon: select: listen=8 active_threads=0 tvp=zero May 11 10:58:11 linux slapd[6292]: do_unbind May 11 10:58:11 linux slapd[6292]: conn=0 op=4 UNBIND May 11 10:58:11 linux slapd[6292]: connection_resched: attempting closing conn=0 sd=12 May 11 10:58:11 linux slapd[6292]: connection_close: conn=0 sd=12 May 11 10:58:11 linux slapd[6292]: =>ldap_back_conn_destroy: fetching conn 0 May 11 10:58:11 linux slapd[6292]: daemon: removing 12 May 11 10:58:11 linux slapd[6292]: conn=0 fd=12 closed --------------------------------------------------------------------------------------------------------
openldap-software@openldap.org
-
Raffaele Viola