I have three servers running OpenLDAP 2.4. On the superior server I have all account information: ldap://a.example.com. On the subordinate server I have an address book: ldap://b.example.com. On the third server I use an ldap backend to tie the two together: ldap://c.example.com.
Using the 3rd server (ldap://c.example.com) to search and modify, I can authenticate on the 1st server (a.example.com). But because no user account information is stored on the 2nd server (b.example.com), I can't authenticate or modify any entries there.
My question is: how do I set up the ability to change entries in the subordinate database if there are no entries there that can be bound to?
Server One:
    olcSuffix: dc=example,dc=com
    olcDatabase: {1}hdb
    olcDBDirectory: /var/lib/ldap
With an entry like so:
    dn: ou=address,dc=example,dc=com
    objectClass: extensibleobject
    objectClass: referral
    ou: address
    ref: ldap://b.example.com
Server 2:
    olcReferral: ldap://a.example.com

    olcSuffix: ou=address,dc=example,dc=com
    olcDatabase: {1}hdb
    olcDBDirectory: /var/lib/ldap
With an entry:
    dn: cn=Bob,ou=address,dc=example,dc=com
    objectClass: inetorgperson
    cn: Bob
    gn: Bob
    sn: Smith
Server 3:
    olcSuffix: dc=example,dc=com
    olcDatabase: {1}ldap
    olcDBUri: ldap://a.example.com
    olcDBRebindAsUser: TRUE
    olcDBChaseReferrals: TRUE
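One way to get writes through to b.example.com when it holds no bindable user entries is to let the chain overlay on c.example.com follow the referral with an identity that b does know, instead of having back-ldap re-bind as the user. The LDIF below is an added example, not part of the original question: the bind DN cn=addressbook-proxy,ou=address,dc=example,dc=com, its password, and the assumption that such an entry exists on b with write access limited to ou=address are all assumptions.

```ldif
# Added example (assumptions noted in the lead-in). Applied to cn=config on c.example.com.

# 1. Stop back-ldap from chasing the referral itself with the user's credentials,
#    so the referral reaches the frontend where the chain overlay can handle it.
dn: olcDatabase={1}ldap,cn=config
changetype: modify
replace: olcDbChaseReferrals
olcDbChaseReferrals: FALSE

# 2. Enable the chain overlay on the frontend.
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainReturnError: TRUE

# 3. Chain referrals to b.example.com using a dedicated proxy identity.
#    mode=none: b sees every chained operation as the proxy identity,
#    so b's ACLs (not c's) decide what that identity may write.
#    Prefer ldaps:// or StartTLS on this URI; the password sits in cn=config.
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
changetype: add
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: "ldap://b.example.com"
olcDbIDAssertBind: bindmethod=simple binddn="cn=addressbook-proxy,ou=address,dc=example,dc=com" credentials="CHANGE-ME" mode=none
# Only identities that actually authenticated against a.example.com may trigger
# the chained bind; anonymous clients are not allowed to borrow the proxy identity.
olcDbIDAssertAuthzFrom: "dn.subtree:dc=example,dc=com"
olcDbRebindAsUser: FALSE
```

Because b treats every chained write as the proxy identity, give that account write access only to ou=address on b and keep an audit trail (accesslog or slapd logs) on c if you need to know which user actually made a change.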