Hello,
I'm pretty new to this list, and maybe/hopefully someone could help ...
I work at a chair at a German university, and we would like to use the central AD of that university for our chair - by using an ldap-proxy system, so that there's only one connection to the central AD, and not ~70 (all of our computers, etc.). I can search the AD by using this (modified) command:

    ldapsearch -LLL "(cn=FIRSTNAME LASTNAME)" -H ldaps://ldap.UNIVERSITY.de -b dc=university,dc=de -D cn=special,ou=group,dc=university,dc=de -W

For locally installed applications I can use this /etc/pam_ldap.conf:

    uri ldaps://ldap.university.de
    host ldap.university.de
    base ou=group,ou=hosts,dc=university,dc=de
    ldap_version 3
    binddn cn=special,ou=group,dc=university,dc=de
    bindpw password
    pam_password crypt
    ssl start_tls
    ssl on

To set up the local ldap-proxy, I tried to follow this description, but it won't work (and I guess it's not really correct, as the config-file is there twice): https://doc.owncloud.com/server/admin_manual/configuration/ldap/ldap_proxy_c...

When running "slaptest -f /etc/ldap/slapd.conf" I get these errors:

    5ebd3ec5 /etc/ldap/slapd.conf: line 102: warning, source attributeType 'dn' should be defined in schema
    5ebd3ec5 PROXIED attributeDescription "DN" inserted.
    5ebd3ec5 hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2). Expect poor performance for suffix "ou=group,ou=hosts,dc=university,dc=de".
    5ebd3ec5 hdb_db_open: database "ou=lsafp,ou=hosts,dc=university,dc=de": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
    5ebd3ec5 backend_startup_one (type=hdb, suffix="ou=group,ou=hosts,dc=university,dc=de"): bi_db_open failed! (2)
    5ebd3ec5 backend_startup_one (type=ldap, suffix="ou=group,ou=hosts,dc=university,dc=de"): bi_db_open failed! (2)
    slap_startup failed (test would succeed using the -u switch)

Now my questions:
- where and how to put the data to do a query versus the central AD? (binddn & bindpw part)
- where to define the local ldap-database? (I guess that has to be created and will be filled automatically...?)

The system I'm using is a Debian 10.4 one. slapd -V:

    @(#) $OpenLDAP: slapd (Apr 20 2020 18:19:54) $
    Debian OpenLDAP Maintainers pkg-openldap-devel@lists.alioth.debian.org

Sorry, English is not my native language ...
Thanks a lot for reading! ;)
Cheers, Torsten
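
Added example, not part of the original post and not taken from the linked ownCloud document: a proxy-only slapd.conf showing where the service-account bind DN and password go in a back-ldap database, and that such a proxy needs no local hdb database. The suffix, URI, bind DN and placeholder password are the ones from the post; the schema, module, pid/args and CA-bundle paths are assumed Debian defaults.

```conf
# Constructed example, not from the original post: slapd.conf for a proxy-only
# slapd (back-ldap) in front of the central AD. Paths are assumed Debian defaults.
include     /etc/ldap/schema/core.schema
include     /etc/ldap/schema/cosine.schema
include     /etc/ldap/schema/inetorgperson.schema

pidfile     /var/run/slapd/slapd.pid
argsfile    /var/run/slapd/slapd.args

modulepath  /usr/lib/ldap
moduleload  back_ldap

# The only database section. back-ldap keeps no local data, so there is no
# "database hdb" section and nothing under /var/lib/ldap to create or fill.
database    ldap
suffix      "dc=university,dc=de"
readonly    yes
uri         "ldaps://ldap.university.de"

# Verify the AD server certificate on connections opened for client binds.
tls         ldaps tls_reqcert=demand tls_cacert=/etc/ssl/certs/ca-certificates.crt

# Service account the proxy uses towards the AD (the binddn/bindpw part).
# mode=none: bind as this DN and send no proxied-authorization control.
idassert-bind bindmethod=simple
    binddn="cn=special,ou=group,dc=university,dc=de"
    credentials="password"
    mode=none
    tls_reqcert=demand
    tls_cacert=/etc/ssl/certs/ca-certificates.crt

# Which local identities may use the service account. This pattern matches
# any DN; narrow it, and limit which hosts can reach the proxy, because
# every authorized client searches the AD with the service account's rights.
idassert-authzFrom "dn.regex:.*"
```

Because this file holds the service account password in clear text, keep it readable only by the account slapd runs as.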