Hi,
I have a problem with the meta backend feature.
I need to get data from two different LDAP directories under a unique DN. The two LDAP directories are an Active Directory and another LDAP that should be on the same OpenLDAP instance as the meta backend.
Actually, to test the solution I'm using the OpenLDAP Windows version.
This is my slapd config:
# LDIF Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/dyngroup.schema

pidfile ./run/slapd.pid
argsfile ./run/slapd.args

# Enable TLS if port is defined for ldaps
TLSVerifyClient never
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCertificateFile ./secure/certs/server.pem
TLSCertificateKeyFile ./secure/certs/server.pem
TLSCACertificateFile ./secure/certs/server.pem

####META
database meta
suffix "dc=proxy,dc=company,dc=it"
rootdn "cn=Manager,dc=proxy,dc=company,dc=it"
rootpw "secret"

uri "ldap://adhost:390/dc=proxy,dc=company,dc=it"
suffixmassage "dc=proxy,dc=company,dc=it" "dc=company,dc=cosmag,dc=it"
lastmod off
idassert-bind bindmethod=simple binddn="cn=Manager,dc=company,dc=cosmag,dc=it" credentials="password" mode=none flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=proxy,dc=company,dc=it"
acl-authcDN "cn=Manager,dc=company,dc=cosmag,dc=it"
acl-passwd "password"

uri "ldap://localhost:389/dc=proxy,dc=company,dc=it"
suffixmassage "dc=proxy,dc=company,dc=it" "dc=portal,dc=company,dc=it"
lastmod off
idassert-bind bindmethod=simple binddn="cn=Manager,dc=portal,dc=company,dc=it" credentials="secret" mode=none flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=proxy,dc=company,dc=it"
acl-authcDN "cn=Manager,dc=portal,dc=company,dc=it"
acl-passwd "secret"

#######################################################################
# ldif database definitions
#######################################################################
database ldif
directory ./ldifdata
suffix "dc=portal,dc=company,dc=it"
rootdn "cn=Manager,dc=portal,dc=company,dc=it"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}Bww72HPj9nrNxrLAQxuTqP1Z0zuafPPd

The server starts normally, but when I do a search starting from base DN "dc=proxy,dc=company,dc=it" nothing is returned:
ldapsearch -H ldap://localhost:389 -x -D "cn=Manager,dc=proxy,dc=company,dc=it" -W -b "dc=proxy,dc=company,dc=it" -s base -a always -z 1 "(objectClass=*)" "hasSubordinates" "objectClass"
# baseObject : dc=proxy,dc=company,dc=it
# scope : baseObject (0)
# derefAliases : derefAlways (3)
# sizeLimit : 1
# timeLimit : 0
# typesOnly : False
# filter : (objectClass=*)
# attributes : hasSubordinates objectClass

#!SEARCH RESULT DONE (32) OK
#!CONNECTION ldap://localhost:389
#!DATE 2015-06-16T07:38:21.970
# numEntries : 0

The server log returns:
conn=1000 op=6 <<< meta_back_search_start[1]=0
conn=1000 op=6 meta_back_search: ncandidates=0 cnd="**"
conn=1000 op=6 meta_back_search: base="dc=proxy,dc=company,dc=it" scope=0: no candidate could be selected
send_ldap_result: conn=1000 op=6 p=3
send_ldap_response: msgid=7 tag=101 err=52

Where is my mistake? Is there something that I have missed in the configuration?
Best Regards
Pierluca