Hi,

I have a problem with meta backend feature.

I need to get data from two different LDAP under a unique dn. The two ldap are an active directory and another ldap that should be on the same Open LDAP instance of the meta backend.

Actually to test the solution I'm usind Open LDAP Windows version.

This is my sladp config:

# LDIF Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/dyngroup.schema


pidfile ./run/slapd.pid
argsfile ./run/slapd.args


# Enable TLS if port is defined for ldaps


TLSVerifyClient never
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCertificateFile ./secure/certs/server.pem
TLSCertificateKeyFile ./secure/certs/server.pem
TLSCACertificateFile ./secure/certs/server.pem

####META
database meta
suffix "dc=proxy,dc=company,dc=it"
rootdn "cn=Manager,dc=proxy,dc=company,dc=it"
rootpw           "secret"
uri "ldap://adhost:390/dc=proxy,dc=company,dc=it"
suffixmassage "dc=proxy,dc=company,dc=it" "dc=company,dc=cosmag,dc=it"
lastmod       off
idassert-bind 
bindmethod=simple 
binddn="cn=Manager,dc=company,dc=cosmag,dc=it" 
credentials="password" 
mode=none 
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=proxy,dc=company,dc=it"
acl-authcDN "cn=Manager,dc=company,dc=cosmag,dc=it"
acl-passwd  "password"

uri "ldap://localhost:389/dc=proxy,dc=company,dc=it"
suffixmassage  "dc=proxy,dc=company,dc=it" "dc=portal,dc=company,dc=it"
lastmod       off
idassert-bind 
bindmethod=simple 
binddn="cn=Manager,dc=portal,dc=company,dc=it" 
credentials="secret" 
mode=none 
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=proxy,dc=company,dc=it"
acl-authcDN "cn=Manager,dc=portal,dc=company,dc=it"
acl-passwd  "secret"

#######################################################################
# ldif database definitions
#######################################################################
database ldif
directory ./ldifdata
suffix "dc=portal,dc=company,dc=it"
rootdn "cn=Manager,dc=portal,dc=company,dc=it"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw    {SSHA}Bww72HPj9nrNxrLAQxuTqP1Z0zuafPPd

The server start normally, but when I do a search starting from base dn "dc=proxy,dc=company,dc=it" nothing is returned:

ldapsearch -H ldap://localhost:389 -x -D "cn=Manager,dc=proxy,dc=company,dc=it" -W -b "dc=proxy,dc=company,dc=it" -s base -a always -z 1 "(objectClass=*)" "hasSubordinates" "objectClass"

# baseObject   : dc=proxy,dc=company,dc=it
# scope        : baseObject (0)
# derefAliases : derefAlways (3)
# sizeLimit    : 1
# timeLimit    : 0
# typesOnly    : False
# filter       : (objectClass=*)
# attributes   : hasSubordinates objectClass

#!SEARCH RESULT DONE (32) OK
#!CONNECTION ldap://localhost:389
#!DATE 2015-06-16T07:38:21.970
# numEntries : 0

Server log returns:

 conn=1000 op=6 <<< meta_back_search_start[1]=0
 conn=1000 op=6 meta_back_search: ncandidates=0 cnd="**"
 conn=1000 op=6 meta_back_search: base="dc=proxy,dc=company,dc=it" scope=0: no candidate could be selected
 send_ldap_result: conn=1000 op=6 p=3
 send_ldap_response: msgid=7 tag=101 err=52


Where is my mistake? There is something that I have missed in configuration?

Best Regards

Pierluca