Thanks for your help.
I created my own OID in a .schema file that I include in slapd.conf and it works great!
attributetype ( 184.108.40.206.4.1.4220.127.116.11562 NAME 'sbzoneid' SYNTAX
18.104.22.168.4.1.1422.214.171.124.15 SINGLE-VALUE X-ORIGIN 'user defined' )
with "159562" a number of my choice that is not already used by openldap.
Now I'm trying to get an ldaps connection with the backend LDAP server.
I want my openldap proxy to check the backend certificate with the CA certificate that I
put after TLSCACertificateFile.
The issue is that the ldaps connection works every time without checking the backend server
The configuration line with TLSCACertificateFile has no effect on the SSL connection!
I saw that TLSVerifyClient makes it possible to force the certificate check of the client connecting
to my openldap proxy but I don't see how to force the openldap proxy to check the
backend server certificate.
Then, I had 2 .cer CA certificates (a root and an intermediate) that I concatenated into 1
certificate. Does openldap support .cer? Or should I rename it to .pem?
Thank you for your help.
Message of 30/11/06 at 17:52
From: "Kurt D. Zeilenga"
To: jerrrry(a)voila.fr
Cc: openldap-software(a)openldap.org
Subject: Re: openldap proxy: schema issue
At 02:09 AM 11/30/2006, jerrrry(a)voila.fr wrote:
>I am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server.
>Unfortunately this (non-OpenLDAP) LDAP directory uses non-standard attributes stored
>in a .ldif file.
>I have to use one of these non-standard attributes in the slapd.conf file for binddn:
>maybe I have to convert this file to the openldap .schema format and include it in
If the LDIF contains RFC 4512 conformant schema descriptions,
that conversion is straightforward. However, it seems that
descriptions provided in the LDIF do not conform to RFC 4512.
>A big issue seems to be that this ldif file doesn't use numericOIDs but string
>attributetype ( sbzoneid-oid NAME 'sbzoneid' SYNTAX 126.96.36.199.4.1.1466.115.12
slapd(8) requires either an OID, or a valid OID macro (which
will expand to the OID before the description is published in
the schema)... because LDAP does (see RFC 4512).
>so when running "slapd -d 1" I get the error: OID could not be expanded:
As "sbzoneid-oid" isn't a numericoid, it assumed it was an
OID macro. But there is no such OID macro, hence the error.
>or maybe with a more liberal parsing could be helpful ?
The input is parsed just fine. The problem is semantics.
The field requires an OID. "sbzoneid-oid" is neither an OID,
nor something that represents an OID. Without an OID, slapd(8)
wouldn't be able to publish valid schema descriptions for
the schema element.
>Do you have any idea to solve this problem ?
Locate the proper OIDs for these schema elements and use them.
Or, assign your own OIDs (from your own name space).
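
The numericoid-or-OID-macro rule explained in the reply above, as an added Python sketch that is not part of the original thread and is not slapd's own parser. The function names are hypothetical, macros are defined with the slapd.conf(5) objectIdentifier directive, and the sample OIDs are constructed from the RFC 5612 documentation arc 1.3.6.1.4.1.32473.

```python
import re

# RFC 4512 numericoid: number 1*( "." number ), no leading zeros inside an arc.
NUMERICOID = re.compile(r"^(0|[1-9]\d*)(\.(0|[1-9]\d*))+$")

def expand_oid(token, macros):
    """Return the numeric OID for token, or raise ValueError if it cannot be expanded."""
    if NUMERICOID.match(token):
        return token
    # Anything else is treated as an OID macro, optionally "macro:suffix".
    name, _, suffix = token.partition(":")
    base = macros.get(name)
    if base is None:
        raise ValueError(f"OID could not be expanded: {token!r}")
    oid = f"{base}.{suffix}" if suffix else base
    if not NUMERICOID.match(oid):
        raise ValueError(f"macro expands to an invalid OID: {oid!r}")
    return oid

def load_macros(conf_lines):
    """Collect 'objectIdentifier <name> <oid | macro[:suffix]>' lines in file order."""
    macros = {}
    for line in conf_lines:
        parts = line.split()
        if len(parts) == 3 and parts[0].lower() == "objectidentifier":
            macros[parts[1]] = expand_oid(parts[2], macros)
    return macros

def check_attributetype(description, macros):
    """Resolve the first token after '(' in an attributetype description."""
    m = re.match(r"\s*attributetype\s*\(\s*(\S+)", description, re.IGNORECASE)
    if not m:
        raise ValueError("not an attributetype description")
    return expand_oid(m.group(1), macros)

# Constructed sample configuration (documentation arc, not a real assignment).
SAMPLE_CONF = [
    "objectIdentifier exampleRoot 1.3.6.1.4.1.32473",
    "objectIdentifier exampleAttr exampleRoot:1",
]
GOOD = "attributetype ( exampleAttr:7 NAME 'sbzoneid' SINGLE-VALUE )"
BAD = "attributetype ( sbzoneid-oid NAME 'sbzoneid' SINGLE-VALUE )"

if __name__ == "__main__":
    macros = load_macros(SAMPLE_CONF)
    print(check_attributetype(GOOD, macros))
    try:
        check_attributetype(BAD, macros)
    except ValueError as err:
        print(err)
```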