Note: apologies if this dupes; I think I sent the original out before I was approved on the mailing list.
A bit stuck; bear with me; I'm somewhat of an LDAP newbie and sure I am missing something simple.
Trying to get a local server to AUTH locally to its own openldap-server and then proxy to corporate LDAP if the user is not found locally.

1. Local users work
2. AUTH to local LDAP server works
3. AUTH to corporate LDAP does NOT work
4. LDAP search to corporate works when using the local server (ack!?!)

user = corporate LDAP account
internal ldap = users - internal.com
corporate ldap = people - datacenter.corporate.com

Note: anonymous bind is enabled on corporate.
oot@ sssd]# ldapsearch -h 127.0.0.1 -x -b "uid=user,ou=people,dc=datacenter,dc=corporate,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=user,ou=people,dc=datacenter,dc=corporate,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# user, People, datacenter.corporate.com
dn: uid=user,ou=People,dc=datacenter,dc=corporate,dc=com
uid: user
cn:
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax:
shadowWarning:
loginShell: /bin/bash
uidNumber:
gidNumber:
homeDirectory: /home/users/user
gecos: user
shadowLastChange: 16461

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Setup slap.d:

#######################################################################
# database definitions
#######################################################################

database bdb
suffix "dc=internal,dc=com"
checkpoint 1024 15
rootdn "cn=adm,dc=internal,dc=com"
rootpw {SSHA}aaaaa
directory /var/lib/ldap

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM

#proxy ldap
database ldap
suffix "ou=People,dc=datacenter,dc=corp,dc=com"
uri "ldap://1.1.1.1:389/"
idassert-bind bindmethod=none

ldap.conf:
URI ldap://127.0.0.1
BASE dc=internal,dc=com
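Added here as an illustration, not part of the original message or of any reply to it: a slapd.conf that keeps the local bdb database and the back-ldap proxy, with the proxy suffix spelled the same way as the search base (the post uses dc=corporate in the ldapsearch but dc=corp in the proxy suffix; the example assumes dc=corporate is the intended one), plus a small offline check of the rule slapd uses to pick a database for a bind DN. The host 1.1.1.1, the user names and the DNs in the checks are assumptions, and the live commands in the last function need a reachable slapd, so they are not executed by the script.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumptions: corporate base is
# ou=People,dc=datacenter,dc=corporate,dc=com, the corporate server is 1.1.1.1,
# and the local database keeps the poster's dc=internal,dc=com suffix.

# The slapd.conf under discussion, emitted by a function so the script is self-contained.
slapd_conf() {
cat <<'EOF'
# Local users live here
database    bdb
suffix      "dc=internal,dc=com"
rootdn      "cn=adm,dc=internal,dc=com"
rootpw      {SSHA}aaaaa
directory   /var/lib/ldap
index       objectClass eq,pres
index       uid,memberUid eq,pres,sub

# Proxy: any operation on a DN under this suffix, a simple bind included, is
# forwarded to the corporate server. The suffix has to be exactly the base the
# clients use; a DN that ends in dc=corp will not reach this database.
database    ldap
suffix      "ou=People,dc=datacenter,dc=corporate,dc=com"
uri         "ldap://1.1.1.1:389/"
# Plain ldap:// forwards the user's corporate password in clear; enable
# STARTTLS towards the corporate server once it offers it:
#tls        start
# No identity of the proxy is asserted; a client bind is passed through under
# the client's own DN and password.
idassert-bind bindmethod=none
EOF
}

# Normalise a DN for suffix matching: lowercase, no spaces after commas.
norm_dn() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/, */,/g'
}

# Print the suffix of the database that would serve the DN in $1, or "none".
# slapd routes an operation to the database whose suffix is the longest tail
# of the target DN, compared case-insensitively.
database_for_dn() {
  dn=$(norm_dn "$1")
  best=""
  for s in $(slapd_conf | awk '$1=="suffix"{gsub(/"/,"",$2); print $2}'); do
    s=$(norm_dn "$s")
    case "$dn" in
      "$s"|*",$s") if [ ${#s} -gt ${#best} ]; then best=$s; fi ;;
    esac
  done
  [ -n "$best" ] && printf '%s\n' "$best" || printf 'none\n'
}

# Live checks against a running slapd (not run by this script):
#   syntax-check the config without opening databases, confirm both suffixes
#   are advertised, then bind through the proxy with a corporate account.
live_checks() {
  slaptest -f /etc/openldap/slapd.conf -u
  ldapsearch -x -H ldap://127.0.0.1 -b '' -s base namingContexts
  ldapwhoami -x -H ldap://127.0.0.1 \
    -D 'uid=user,ou=People,dc=datacenter,dc=corporate,dc=com' -W
}

database_for_dn 'uid=user,ou=People,dc=datacenter,dc=corporate,dc=com'
database_for_dn 'uid=user,ou=People,dc=datacenter,dc=corp,dc=com'
```

The offline check only reproduces the routing rule: a search that works through the proxy and a bind that fails can simply mean the DN the PAM or SSSD client binds with does not end in the proxy suffix as written in slapd.conf, in which case the local slapd answers the bind with invalid credentials itself and the corporate server is never asked. ldapwhoami against 127.0.0.1 with the corporate DN is the quickest way to see which side is rejecting the bind, and because the bind is passed through, the plain ldap:// uri sends that password to 1.1.1.1 in clear unless the proxy is told to use TLS.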