On 18/11/2015 02:32, Quanah Gibson-Mount wrote:
--On Tuesday, November 17, 2015 7:57 PM +0200 Fr3ddie <fr3ddie@fr3ddie.it> wrote:
On 10/11/2015 13:06, Fr3ddie wrote:
Hello to the list,
Nobody has any hint?
I suggest reading the code, because the answer is actually fairly obvious if you look at slapd-meta/config.c:
"NAME 'olcMetaTargetConfig' " "MUST ( olcMetaSub $ olcDbURI ) "
Yet you aren't using the olcMetaTargetConfig objectClass in your entry.
Thank you very much for your help Quanah. Please excuse the delay, I have not been able to access the servers to perform other tests during this period...
I tried your suggestion and read the code, as much as I was able to.
Then I modified the ldif file in order to create the meta-DB and its sub-DBs containing the URIs of the target servers (if I correctly understood):
version: 1

dn: olcDatabase={3}meta,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMetaConfig
olcDatabase: {3}meta
olcSuffix: dc=loc1,dc=root
olcSuffix: dc=loc2,dc=root
olcSuffix: dc=loc3,dc=root
olcDbConnTtl: 240
olcDbRebindAsUser: FALSE

dn: olcMetaSub={0}uri,olcDatabase={3}meta,cn=config
objectClass: olcConfig
objectClass: olcMetaTargetConfig
olcMetaSub: {0}uri
olcDbUri: "ldap://server-loc1.loc1.root/dc=loc1,dc=root"
olcDbIdAssertBind: bindmethod=simple binddn="cn=admin,dc=loc1,dc=root" credentials=xxxxxxxxx starttls=yes tls_reqcert=demand

dn: olcMetaSub={1}uri,olcDatabase={3}meta,cn=config
objectClass: olcConfig
objectClass: olcMetaTargetConfig
olcMetaSub: {1}uri
olcDbUri: "ldap://server-loc2.loc2.root/dc=loc2,dc=root"
olcDbIdAssertBind: bindmethod=simple binddn="cn=admin,dc=loc2,dc=root" credentials=xxxxxxxxx starttls=yes tls_reqcert=demand

[...]
Modifying the ldif file as such I'm able to load it into the DB with no complaints from slapd. The problem is that I'm still unable to see the remote DITs using, e.g., Apache Directory Studio; the log on the server reports this:
Mar 1 12:40:08 server-loc0 slapd[1210]: conn=149188 op=9 meta_search_dobind_init[0] mc=0xa119b38: non-empty dn with empty cred; binding anonymously
On the target server the log reports nothing. It seems slapd is ignoring my configuration for authentication to remote targets (olcDbIdAssertBind): what can I try now? Is it possible that this is a bug or, instead, it's still my misconfiguration?
Thank you again for your help
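
Added example, not part of the original messages and not OpenLDAP code: a small Python check that every LDIF entry carrying the olcMetaTargetConfig objectClass also has the MUST attributes from the schema line quoted above (olcMetaSub and olcDbURI), matched case-insensitively. The sample LDIF, the host ldap.example.com and the function names are constructed for illustration; the check covers only that MUST rule and says nothing about the olcDbIdAssertBind behaviour reported in the log.

```python
import re

# MUST attributes per objectClass. Only the olcMetaTargetConfig rule is known
# here; it comes from the slapd-meta/config.c line quoted in the thread.
MUST = {"olcmetatargetconfig": {"olcmetasub", "olcdburi"}}

# Constructed sample: the second entry lacks olcDbURI; the first folds a line.
SAMPLE = """version: 1

dn: olcMetaSub={0}uri,olcDatabase={3}meta,cn=config
objectClass: olcConfig
objectClass: olcMetaTargetConfig
olcMetaSub: {0}uri
olcDbUri: "ldap://ldap.example.com/
 dc=example,dc=com"

dn: olcMetaSub={1}uri,olcDatabase={3}meta,cn=config
objectClass: olcMetaTargetConfig
olcMetaSub: {1}uri
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})] from plain-text LDIF."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            elif name != "version":
                attrs.setdefault(name, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries

def missing_must(entries):
    """Map dn -> sorted MUST attributes that the entry does not carry."""
    problems = {}
    for dn, attrs in entries:
        required = set()
        for oc in attrs.get("objectclass", []):
            required |= MUST.get(oc.lower(), set())
        absent = sorted(required - set(attrs))
        if absent:
            problems[dn] = absent
    return problems
```
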