Thanks Alex for replying, ... ...
OK, a day's work has led me to discover that apt-get purge --auto-remove slapd ldap-utils does not actually purge slapd or ldap-utils, but appears to uninstall them and purge all their dependencies. I think this was behind my larger issues with OpenLDAP; apt-get purge slapd ldap-utils fixed that for me. I am now circling back around to my original problem.
To clarify, there are 2 servers.

DC Server - AD set up, internal users and groups and policy etc. All working fine.
Ubuntu server - OpenLDAP set up, external users' usernames and passwords.

We need our various web apps to point to this for authentication and return users from either of the DSAs.

Backend of OpenLDAP currently set up like this (basically straight from a tutorial) -

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
olcModuleload: back_ldap

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=companyname,dc=local
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=companyname,dc=local
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=companyname,dc=local" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=companyname,dc=local" write by * read

I am trying to get the proxy set up at dc=AD,dc=companyname,dc=local.
So far my slapd.conf is -

# AD server proxy
database ldap
suffix "dc=AD,dc=companyname,dc=local"
uri ldap://companyname.local/
idassert-bind bindmethod=simple binddn="cn=admin,dc=companyname,dc=local" credentials=secret authzID="dn:cn=admin,dc=companyname,dc=local"

However, on running slaptest I get

slapd.conf: line 4: <suffix> invalid DN 21 (Invalid syntax)
slaptest: bad configuration directory!

I tried suffix with and without the "s to no avail. A side question which neither man slaptest nor Google has answered for me thus far: will slaptest add the configuration to slapd.d or overwrite it?
I do totally get that I am basically asking someone to do my job for me here, which is not a habit I like to cultivate but I would be eternally grateful if anyone could just point me in the right direction. I have done enough tech support to be frustrated to be on this side of the RTFM coin but I assure you I have trawled man pages, tutorials and forums before I came here.