Hallvard B Furuseth wrote:
I can only guess since you don't show your slapd.conf, but it sounds like you didn't put database relay above relay "dc=example,dc=com" but instead put the relay directive under some other database.
Thanks for replay. I all ready define database relay in slapd.conf.
This my slapd configuration. You can get much clear picture using slapd configuration.
------------------------------------------------------------- allow bind_v2 allow bind_anon_dn loglevel 0
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/ppolicy.schema include /etc/ldap/schema/myschema.schema
pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args
#Database module loading #moduleload /usr/lib/ldap/back_hdb.so moduleload /usr/lib/ldap/back_bdb.so moduleload /usr/lib/ldap/rwm.so moduleload /usr/lib/ldap/back_relay.so
database bdb database relay overlay rwm suffix "dc=example,dc=com" relay "dc=example,dc=com" rootdn "uid=support,ou=people,dc=example,dc=com"
password-hash {SSHA} directory /var/lib/ldap index objectClass eq
rwm-rewriteEngine on rwm-suffixmassage "dc=example,dc=com"
rwm-rewriteMap ldap mail2uid ldap://localhost/ou=people,dc=example,dc=com?uid?sub rwm-rewriteMap ldap uid2mail ldap://localhost/ou=people,dc=example,dc=com?mail?sub rwm-rewriteContext searchEntryDN rwm-rewriteRule "^(.+,)?(mail=[^,]+),.example.com$" "$1uid=${mail2uid($2)},ou=people,dc=example,dc=com" ":@I"
rwm-rewriteContext searchEntryUID2Mail rwm-rewriteRule "^(.+,)?(uid=[^,]+),ou=people,dc=example,dc=com$" "$1mail=${uid2mail($2)},exmple.com" ":@I"
access to attrs="userPassword,sambaLMPassword,sambaNTPassword" by dn="uid=support,ou=people,dc=example,dc=com" write by anonymous auth by self write by * none
access to dn.subtree="dc=example,dc=com" by dn="uid=dc=support,dc=com,ou=people,dc=example,dc=com" read by self write by users read
access to dn.subtree="ou=people,dc=example,dc=com" by dn="uid=dc=support,dc=com,ou=people,dc=example,dc=com" read by users read
access to dn.subtree="ou=group,dc=example,dc=com" by dn="uid=dc=support,dc=com,ou=people,dc=example,dc=com" read by users read
access to dn.subtree="ou=addressbook,dc=example,dc=com" by dn="uid=dc=support,dc=com,ou=people,dc=example,dc=com" read by users read
access to dn.subtree="dc=example,dc=com" by none
cachesize 1500 sizelimit 1500 --------------------------------------------------