Hi,
I would like to set up an OpenLDAP proxy with the meta backend. I have a test environment with two Windows 2019 ADs and one OpenLDAP server configured as proxy. At the beginning all authentications are made with admin accounts; it's the first step, just testing. Here is my slapd.conf:
-----------------------
Include /etc/ldap/schema/core.schema
Include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/pmi.schema
include /etc/ldap/schema/ppolicy.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/ldap
moduleload rwm.la
moduleload back_meta.la
moduleload back_ldap.la

loglevel 4095

#######################################################################
# MDB database definitions
#######################################################################

database meta
suffix "dc=example,dc=de"
rootdn "cn=admin,dc=example,dc=de"
rootpw secret

uri "ldap://192.168.56.201/ou=firma-01,dc=example,dc=de"
readonly yes
lastmod off
suffixmassage "ou=firma-01,dc=example,dc=de" "ou=firma-01,dc=dom01,dc=example,dc=net"
map attribute uid sAMAccountName
idassert-bind bindmethod=simple binddn="cn=administrator,cn=Users,dc=dom01,dc=example,dc=net" credentials="Passw0rd"
idassert-authzFrom "*"

uri "ldap://192.168.56.202/ou=firma-02,dc=example,dc=de"
readonly yes
lastmod off
suffixmassage "ou=firma-02,dc=example,dc=de" "ou=firma-02,dc=dom02,dc=example,dc=com"
map attribute uid sAMAccountName
idassert-bind bindmethod=simple binddn="CN=Administrator,CN=Users,DC=dom02,dc=example,DC=com" credentials="Passw0rd"
idassert-authzFrom "*"
-----------------------
On my proxy I can do a "ldapsearch -x" and I can see all the wanted entries from both ADs. This is my ldap.conf on the proxy:
-----------------------
BASE dc=example,dc=de
URI ldap://192.168.56.210
-----------------------
192.168.56.210 is my proxy.
But now I would like to connect a client to the proxy to get the entries. The ldap.conf file is the same as on the proxy. But whatever I try, I got no result.
----------------------
root@proxy-client:~# ldapsearch -x -D cn=admin,dc=example,dc=de -W -LLL
No such object (32)

root@proxy-client:~# ldapsearch -x -LLL
No such object (32)
----------------------
What am I missing?
Thanks for any help
Stefan
Hi Stefan,
On Sun, 2021-02-14 at 18:46 +0100, Stefan Kania wrote:
> I would like to set up a OpenLDAP proxy with meta-backend. I have a test environment with two windows 2019 ADs and one OpenLDAP-server configured as proxy. [...] [...]
> But now I would like to connect a client to the proxy to get the entries. The ldap.conf file is the same as on the proxy. But what ever I try I got now result.
> root@proxy-client:~# ldapsearch -x -D cn=admin,dc=example,dc=de -W -LLL
> No such object (32)
> root@proxy-client:~# ldapsearch -x -LLL
> No such object (32)
> What am I missing?
Did you try with the meta-DB's suffix as search base?
ldapsearch -LLL -x -D cn=admin,dc=example,dc=de -W -b dc=example,dc=de
Kind regards, Tilman
On 23.02.21 at 16:50, Tilman Kranz wrote:
> Hi Stefan,
> On Sun, 2021-02-14 at 18:46 +0100, Stefan Kania wrote:
> > I would like to set up a OpenLDAP proxy with meta-backend. I have a test environment with two windows 2019 ADs and one OpenLDAP-server configured as proxy. [...] [...]
> > But now I would like to connect a client to the proxy to get the entries. The ldap.conf file is the same as on the proxy. But what ever I try I got now result.
> > root@proxy-client:~# ldapsearch -x -D cn=admin,dc=example,dc=de -W -LLL
> > No such object (32)
> > root@proxy-client:~# ldapsearch -x -LLL
> > No such object (32)
> > What am I missing?
> Did you try with the meta-DB's suffix as search base?
> ldapsearch -LLL -x -D cn=admin,dc=example,dc=de -W -b dc=example,dc=de
> Kind regards, Tilman
Hi Tilman, thanks for your answer, but I solved the problem. I got the wrong suffix from the customer, so if the suffix of the ADs is correct the answer can only be "no such object". I finally got it running.
Stefan
openldap-technical@openldap.org
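The thread's two failure modes (a search base that the proxy does not serve at all, and a suffixmassage target that does not match what the AD really serves) can be walked through without a running slapd. The following is an added example, not code from the thread or from OpenLDAP: it reads the back-meta directives from a constructed copy of the posted slapd.conf, applies the same suffix rewriting that suffixmassage performs on the way to each remote server, and checks the rewritten base against a constructed table of the naming contexts the ADs are assumed to serve. The second AD's naming context is deliberately set to a different value than the suffixmassage line, to model the "wrong suffix from the customer" case. The dispatch rules are a simplified model of back-meta's behaviour for subtree searches, and the DN handling assumes no escaped commas.

```python
import shlex
from urllib.parse import urlsplit

# Constructed copy of the back-meta part of the slapd.conf posted in the thread,
# reduced to the directives this example reads.
SLAPD_CONF = """\
database meta
suffix "dc=example,dc=de"
rootdn "cn=admin,dc=example,dc=de"

uri "ldap://192.168.56.201/ou=firma-01,dc=example,dc=de"
suffixmassage "ou=firma-01,dc=example,dc=de" "ou=firma-01,dc=dom01,dc=example,dc=net"

uri "ldap://192.168.56.202/ou=firma-02,dc=example,dc=de"
suffixmassage "ou=firma-02,dc=example,dc=de" "ou=firma-02,dc=dom02,dc=example,dc=com"
"""

# Constructed assumption: the naming context each AD really serves (what its
# rootDSE reports as namingContexts). The second one deliberately differs from
# the suffixmassage target above, modelling the wrong-suffix situation from
# the end of the thread.
REMOTE_NAMING_CONTEXTS = {
    "192.168.56.201": "dc=dom01,dc=example,dc=net",
    "192.168.56.202": "dc=ad02,dc=example,dc=com",
}


def dn_components(dn):
    """Split a DN into RDNs, lower-cased for case-insensitive comparison.
    Simplification: values are assumed to contain no escaped commas."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def dn_is_under(dn, suffix):
    """True if dn equals suffix or lies beneath it (trailing RDNs match)."""
    d, s = dn_components(dn), dn_components(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def massage_dn(dn, virtual, real):
    """Replace the virtual suffix of dn with the real one, keeping the
    client-supplied RDNs above it unchanged (what suffixmassage does on
    the way to the remote server)."""
    rdns = [rdn.strip() for rdn in dn.split(",") if rdn.strip()]
    keep = len(rdns) - len(dn_components(virtual))
    return ",".join(rdns[:keep] + [rdn.strip() for rdn in real.split(",")])


def parse_meta_config(conf_text):
    """Return (suffix, targets); each target holds the remote host and the
    virtual/real suffix pair from its suffixmassage line."""
    suffix, targets = None, []
    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)
        if not words:
            continue
        key = words[0].lower()
        if key == "suffix":
            suffix = words[1]
        elif key == "uri":
            targets.append({"host": urlsplit(words[1]).hostname,
                            "virtual": None, "real": None})
        elif key == "suffixmassage":
            targets[-1]["virtual"], targets[-1]["real"] = words[1], words[2]
    return suffix, targets


def route_search_base(conf_text, base, remote_contexts):
    """Simplified model of how back-meta dispatches a subtree search:
    a base outside the meta suffix is answered locally with noSuchObject;
    a base at or below a target's virtual suffix is massaged and sent there;
    a base above a target is fanned out using the target's own real suffix.
    Each forwarded base is then checked against the naming context the
    remote server is assumed to serve."""
    suffix, targets = parse_meta_config(conf_text)
    if not dn_is_under(base, suffix):
        return {"result": "noSuchObject (32)",
                "reason": f"{base} is not under the proxy suffix {suffix}"}
    forwarded = []
    for t in targets:
        if dn_is_under(base, t["virtual"]):
            remote_base = massage_dn(base, t["virtual"], t["real"])
        elif dn_is_under(t["virtual"], base):
            remote_base = t["real"]
        else:
            continue  # this target is not involved in the search
        ctx = remote_contexts[t["host"]]
        outcome = ("ok" if dn_is_under(remote_base, ctx)
                   else f"noSuchObject (32): {remote_base} is not under {ctx}")
        forwarded.append({"host": t["host"], "remote_base": remote_base,
                          "outcome": outcome})
    if not forwarded:
        return {"result": "noSuchObject (32)",
                "reason": f"no target is configured for {base}"}
    return {"result": "forwarded", "targets": forwarded}


if __name__ == "__main__":
    for base in ("dc=example,dc=de",
                 "uid=stefan,ou=firma-01,dc=example,dc=de",
                 "dc=example,dc=com"):
        print(base, "->", route_search_base(SLAPD_CONF, base, REMOTE_NAMING_CONTEXTS))
```

Against a live setup, the equivalent check is to read each AD's rootDSE (for example `ldapsearch -x -H ldap://192.168.56.201 -s base -b "" namingContexts`) and compare the reported naming context with the second argument of the corresponding suffixmassage line before chasing the error on the proxy; the same rootDSE query against the proxy itself shows which suffix clients have to use as their search base.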