On 5/17/2013 1:14 PM, Howard Chu wrote:
> Mike W wrote:
>> I am attempting to set up communication between 2 LDAP servers but am having issues when trying to limit access. I have dug around the source a bit and found a few commands but am unable to find any documentation anywhere on them.
>>
>> olcDbAclBind
>
> slapd-ldap(5) acl-bind.
Forgive me, but I am new to OpenLDAP. That seemed to be for the older slapd.conf style, not the RTC style? Assuming that those commands should be similar, I configured and tested, but no luck. Perhaps someone can see the problem.

Goal: lab5 talks to lab4, read-only, requiring creds.
-------- lab5 ---------------
dn: olcDatabase={4}ldap
objectClass: olcDatabaseConfig
objectClass: olcLdapConfig
olcDatabase: {4}ldap
olcReadonly: TRUE
olcSuffix: dc=mydomain,dc=foo
olcRootDN: dc=mydomain,dc=foo
olcDbACLBind: bindmethod=simple timeout=5 network-timeout=5 binddn="cn=Manager,dc=mydomain,dc=foo" credentials=secret starttls=no
olcDbURI: "ldap://lab4.host.com:389"
-------------------------

-------- lab4 ---------------
dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=mydomain,dc=foo
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=mydomain,dc=foo
olcRootPW: secret
olcAccess: to dn.base="cn=Manager,dc=mydomain,dc=foo" by users read
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbDirectory: /var/lib/ldap/foo
olcDbCacheSize: 1000
olcDbCheckpoint: 1024 15
olcDbConfig: {70}
olcDbConfig: {71}#set_flags DB_TXN_NOSYNC
olcDbConfig: {72}#set_flags DB_TXN_NOT_DURABLE
olcDbConfig: {73}
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass pres,eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: uidNumber pres,eq
olcDbIndex: gidNumber pres,eq
olcDbIndex: mail pres,eq,sub
olcDbIndex: ou pres,eq,sub
olcDbIndex: loginShell pres,eq
olcDbIndex: sn pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbIndex: memberUid pres,eq,sub
olcDbIndex: nisMapName pres,eq,sub
olcDbIndex: nisMapEntry pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
-------------------------
When I connect to lab4 from lab5 I see this in the log:
conn=1005 op=0 BIND dn="" method=128
Which seems to indicate my DN is not getting across somehow. I suspect it's something in the way I am trying to translate the commands from slapd.conf to this version? Either that, or my lack of experience with OpenLDAP is completely off base.
Thanks for any input.
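An added example (my own code, not from the thread or from OpenLDAP) that shows how to check the two artifacts posted above: it parses the lab5 proxy entry to see how the slapd-ldap backend will authenticate to lab4, and it decodes slapd BIND log lines such as the one quoted (method=128 is a simple bind, method=163 is SASL; dn="" is an anonymous bind). The LDIF text and log lines are constructed from the message above; helper names like review_proxy_config and parse_bind_log are my own, and the finding about olcDbIDAssertBind reflects slapd-ldap(5), where acl-bind only serves ACL checks and idassert-bind is what asserts an identity for forwarded operations.

```python
"""Check a slapd-ldap proxy entry and decode slapd BIND log lines."""
import re
import shlex

# Constructed LDIF for the lab5 proxy database, reflowed from the thread.
PROXY_LDIF = """\
dn: olcDatabase={4}ldap
objectClass: olcDatabaseConfig
objectClass: olcLdapConfig
olcDatabase: {4}ldap
olcReadonly: TRUE
olcSuffix: dc=mydomain,dc=foo
olcRootDN: dc=mydomain,dc=foo
olcDbACLBind: bindmethod=simple timeout=5 network-timeout=5 binddn="cn=Manager,dc=mydomain,dc=foo" credentials=secret starttls=no
olcDbURI: "ldap://lab4.host.com:389"
"""

# Constructed slapd log excerpt; the first line is the one quoted in the thread.
LOG_LINES = [
    'conn=1005 op=0 BIND dn="" method=128',
    'conn=1006 op=0 BIND dn="cn=Manager,dc=mydomain,dc=foo" method=128',
    'conn=1007 op=0 BIND dn="" method=163',
]

# BindRequest authentication choice as slapd logs it (decimal tag value).
BIND_METHODS = {128: "simple", 163: "sasl"}

BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute (lowercased): [values]}.

    Minimal parser: no base64 values, no line folding, one entry only.
    """
    entry = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def parse_bind_directive(value):
    """Split an olcDbACLBind/olcDbIDAssertBind value into keyword -> value."""
    opts = {}
    for token in shlex.split(value):  # shlex keeps quoted DNs together
        key, _, val = token.partition("=")
        opts[key] = val
    return opts


def review_proxy_config(text):
    """Return findings about how the proxy will authenticate to the remote server."""
    entry = parse_ldif_entry(text)
    findings = []
    if "olcdbidassertbind" not in entry:
        findings.append(
            "no olcDbIDAssertBind: forwarded operations carry the client's own "
            "identity, so an anonymous client produces an anonymous bind upstream"
        )
    for value in entry.get("olcdbaclbind", []):
        opts = parse_bind_directive(value)
        if opts.get("bindmethod") == "simple" and opts.get("starttls", "no") == "no":
            findings.append(
                "olcDbACLBind: simple bind with starttls=no sends credentials "
                "in cleartext to " + ", ".join(entry.get("olcdburi", ["?"]))
            )
    return findings


def parse_bind_log(lines):
    """Decode slapd BIND log lines; flag anonymous (empty DN) binds."""
    binds = []
    for line in lines:
        m = BIND_RE.search(line)
        if not m:
            continue
        conn, op, dn, method = m.groups()
        binds.append({
            "conn": int(conn),
            "op": int(op),
            "dn": dn,
            "method": BIND_METHODS.get(int(method), "unknown(%s)" % method),
            "anonymous": dn == "",
        })
    return binds


if __name__ == "__main__":
    for finding in review_proxy_config(PROXY_LDIF):
        print("config:", finding)
    for b in parse_bind_log(LOG_LINES):
        print("bind:", b)
```

Run against the quoted log line, the decoder reports an anonymous simple bind on conn=1005, which matches the symptom in the thread; the config review lists why the proxy entry as posted does not carry an identity for forwarded operations and that the acl-bind credentials travel in cleartext.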