Heya,

In order to enable write chaining, I used the normal mechanism of using a slapd.conf file to generate the necessary slapd.d configuration that I'm now using to seed the servers that I'm building.

Out of interest - why do I need the two separate overlays (shown below) in the final config? Trying to understand what's actually happening and can't quite make sense of why this is defined like this.

dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbStartTLS: start starttls=yes
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbOnErr: continue
olcDbKeepalive: 0:0:0

dn: olcDatabase={1}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {1}ldap
olcDbURI: "ldap://ldapserver/"
olcDbStartTLS: start  starttls=yes
olcDbIDAssertBind: mode=self
 flags=prescriptive,proxy-authz-non-critical
 bindmethod=simple
 timeout=0
 network-timeout=0
 binddn="binddn"
 credentials="cred"
 keepalive=0:0:0
 starttls=yes
 tls_cacert="/etc/openldap/certs/CA.crt"
 tls_reqcert=demand
olcDbRebindAsUser: TRUE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbOnErr: continue
olcDbKeepalive: 0:0:0


Thanks in advance,

--
Tim
tim@yetanother.net