Hi,
Main LDAP server is 2.4 on openSUSE. The memberof overlay is in use.
On any openSUSE clients (also OpenLDAP 2.4), ldapsearch on a uid with a
'+' for the attribute arguments correctly returns the memberOf
attributes as created by the overlay.
On Scientific Linux 5.4 I have a build of OpenLDAP 2.4 (not mine,
supplied by our vendor which repackages some components). I've set up a
proxy server there which uses slapd-ldap to proxy connections back to
the openSUSE LDAP server.
On the SL system, ldapsearch talking directly to the openSUSE server
correctly returns the memberOf attributes when using '+'. But when going
through the local proxy server, they don't appear. The server log says
"PROXIED attributeDescription "MEMBEROF" inserted"; if I specify the
attribute explicitly (e.g. ldapsearch uid=liam memberof) the memberOf
attributes are displayed, but all in capitals, as if there's a schema
missing.
One possibly important point: we're using the rfc2307bis schema on our
main server, and this isn't supplied with the SL distribution of
OpenLDAP, so I've just copied it over to the SL system.
I think this suggests a broken build of OpenLDAP 2.4 supplied by our
vendor, but is there anything I might be doing wrong? The proxy server's
slapd.conf file is as so:
include /cm/local/apps/openldap/etc/schema/core.schema
include /cm/local/apps/openldap/etc/schema/cosine.schema
include /cm/local/apps/openldap/etc/schema/inetorgperson.schema
include /cm/local/apps/openldap/etc/schema/rfc2307bis.schema
include /cm/local/apps/openldap/etc/schema/rcsperson.schema
argsfile /var/run/openldap/slapd.args
pidfile /var/run/openldap/slapd.pid
database ldap
monitoring off
uri ldap://opensuse.ldapserver.example.com
tls start tls_cacertdir=/etc/openldap/certs
suffix dc=example,dc=com
rootdn "cn=admin,dc=example,dc=com"
--
Liam Gretton liam.gretton(a)le.ac.uk
HPC Architect
http://www.le.ac.uk/its/
IT Services Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom