Hi,

I have a problem with the configuration of the Chain Overlay.
Provider and Consumer are identical

CentOS release 6.5

rpm -qa | grep ldap
openldap-clients-2.4.23-34.el6_5.1.x86_64
openldap-2.4.23-34.el6_5.1.x86_64
apr-util-ldap-1.3.9-3.el6_0.1.x86_64
nss-pam-ldapd-0.7.5-18.2.el6_4.x86_64
mod_authz_ldap-0.26-16.el6.x86_64
pam_ldap-185-11.el6.x86_64
openldap-servers-2.4.23-34.el6_5.1.x86_64

On the Consumer I imported the ldif file:

dn: olcOverlay=chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: FALSE

and I created the file:

/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend/olcOverlay={1}chain.ldif

After that I do not understand what to do. I've read a few things on the internet but have not been able to arrive at a solution.
I tried to import the LDIF file:

dn: olcDatabase=ldap,olcOverlay={1}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: ldap
olcDbURI: "ldap://ldpsoc01devpom.sociale.it"
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="uid=pippo,ou=admin_esercizio,ou=Utenze_Amministratori,dc=sociale,dc=it" credentials="*******" keepalive=0:0:0
olcDbIDAssertAuthzFrom: *
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE

but when I try to import it, I get the following error:

ldapadd -d 5 -H ldap://localhost:389 -x -W -D "cn=admin,cn=config" -f chaing_entry.ldif

res_errno: 32, res_error: <>, res_matched: <olcDatabase={-1}frontend,cn=config>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_add: No such object (32)
matched DN: olcDatabase={-1}frontend,cn=config

ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
ldap_free_connection: actually freed

I do not know what to do !!!!

My problem is that I use the Consumer LDAP for the authentication of some applications,
and if a user enters the wrong password more than 5 times, the account should be locked, but since the Consumer LDAP is read-only, the locking is not done !!!


HELP !!!


Ing. Stefano Elmopi
Cooperativa Capodarco - Resp. Area ICT Gestione Esercizio
Via Ostiense 131/L Corpo B, 00154 Roma

cell. 3466147165
tel.  0657060500

email:stefano.elmopi@sociale.it



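Added example, not part of the original message: for an LDAP add, result 32 (No such object) means the parent of the new entry does not exist, and the matched DN is the deepest ancestor the server did find. The Python sketch below, whose function names are hypothetical, reads the ldapadd output quoted in the message and lists the ancestor entries of the target DN that are missing from the live cn=config tree.

```python
import re

def split_dn(dn):
    """Split a string DN into RDNs on unescaped commas (backslash escapes kept)."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch); esc = False
        elif ch == "\\":
            cur.append(ch); esc = True
        elif ch == ",":
            rdns.append("".join(cur).lstrip()); cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).lstrip())
    return [r for r in rdns if r]

def parse_ldapadd_failure(output):
    """Return (result_code, matched_dn) from ldapadd output; code is None if absent."""
    code = re.search(r"^\s*ldap_add: .*\((\d+)\)\s*$", output, re.M)
    matched = re.search(r"^\s*matched DN:[ \t]*(.*)$", output, re.M)
    return (int(code.group(1)) if code else None,
            matched.group(1).strip() if matched else "")

def missing_ancestors(target_dn, matched_dn):
    """Ancestors of target_dn below matched_dn that the server did not find,
    listed shallowest first (the order in which they would have to exist)."""
    t, m = split_dn(target_dn), split_dn(matched_dn)
    n = len(m)
    tail = [r.lower() for r in t[len(t) - n:]]
    if n >= len(t) or tail != [r.lower() for r in m]:
        raise ValueError("matched DN is not an ancestor of the target DN")
    return [",".join(t[i:]) for i in range(len(t) - n - 1, 0, -1)]

# DN of the entry being added and the relevant output lines, both from the message.
TARGET_DN = "olcDatabase=ldap,olcOverlay={1}chain,olcDatabase={-1}frontend,cn=config"
LDAPADD_OUTPUT = """\
ldap_err2string
ldap_add: No such object (32)
matched DN: olcDatabase={-1}frontend,cn=config
"""

if __name__ == "__main__":
    code, matched = parse_ldapadd_failure(LDAPADD_OUTPUT)
    if code == 32:
        for dn in missing_ancestors(TARGET_DN, matched):
            print("not present in the running config:", dn)
```

For the output in the message, the only missing ancestor is the overlay entry named with the {1} index. A one-level search under the matched DN shows the names slapd actually assigned to the overlay entries, which can then be compared with the parent DN used in the LDIF.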