Hello,
I'm having trouble making a bind through chaining. I have 2 servers; server1 has a referral ou pointing to another server (server2). Server1 has the following configuration:
dn: olcOverlay=chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
objectClass: top
olcOverlay: chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: TRUE

dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: ldap
olcDbURI: "ldap://server2"
olcDbStartTLS: none starttls=no
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=admin,dc=example,dc=ar" credentials="password" keepalive=0:0:0
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
From server1 I can make changes and searches without problems to entries on server2 (the chaining works fine for this), but when I want to bind, it gives me invalid credentials. For instance:
mboscovich@mambo-tango:~$ ldapwhoami -vvv -h server1 -x -D "uid=useronserver02,ou=users,dc=example,dc=ar" -W
ldap_initialize( ldap://server1:389 )
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
If I make the same query but against server2, where the entry is hosted (so chaining is not used), the bind runs smoothly:
mboscovich@mambo-tango:~$ ldapwhoami -vvv -h server2 -x -D "uid=useronserver02,ou=users,dc=example,dc=ar" -W
ldap_initialize( ldap://server2:389 )
Enter LDAP Password:
dn:uid=useronserver02,ou=users,dc=example,dc=ar"
Result: Success (0)
The logs on server1 when it fails show this:
Dec 8 19:19:55 server1 slapd[2219]: conn=1014 fd=20 ACCEPT from IP=10.0.2.2:52358 (IP=0.0.0.0:389)
Dec 8 19:19:55 server1 slapd[2219]: conn=1014 op=0 BIND dn="uid=useronserver2,dc=example,dc=ar" method=128
Dec 8 19:19:55 server1 slapd[2219]: conn=1014 op=0 RESULT tag=97 err=49 text=
Dec 8 19:19:55 server1 slapd[2219]: conn=1014 op=1 UNBIND
Dec 8 19:19:55 server1 slapd[2219]: conn=1014 fd=20 closed
and on server02 I couldn't see any log in this case.
What am I doing wrong?
Regards
Maximiliano Boscovich
openldap-technical@openldap.org
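As an added example (not part of the post above and not OpenLDAP's own code), here is a small Python audit that parses the chain database entry from the post and flags the settings on the proxied link that matter from a security standpoint: the ldap:// URI combined with olcDbStartTLS set to none, the simple-bind admin password stored in cn=config, and the non-critical proxyAuthz flag. SAMPLE_LDIF is a constructed copy of the posted entry re-folded as LDIF; parse_ldif and audit_chain_db are names chosen here.

```python
import shlex

# Constructed sample: the olcChainDatabase entry from the post, re-folded as LDIF.
SAMPLE_LDIF = """\
dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDbURI: "ldap://server2"
olcDbStartTLS: none starttls=no
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical
  bindmethod=simple binddn="cn=admin,dc=example,dc=ar" credentials="password"
olcDbRebindAsUser: FALSE
"""

def parse_ldif(text):
    """Parse LDIF into one {attribute: [values]} dict per entry."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:   # folded continuation line
            lines[-1] += line[1:]
        else:
            lines.append(line)
    entries, current = [], {}
    for line in lines + [""]:                # sentinel blank flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    return entries

def audit_chain_db(entry):
    """Return (code, message) findings for one olcChainDatabase entry."""
    findings = []
    uri = entry.get("olcDbURI", [""])[0].strip('"')
    tls = (entry.get("olcDbStartTLS", ["none"])[0].split() or ["none"])[0]
    if uri.startswith("ldap://") and tls == "none":
        findings.append(("plaintext-link", f"chained operations to {uri} use no TLS"))
    # idassert-bind is a space-separated key=value list; shlex strips the quotes
    idassert = dict(tok.split("=", 1) for tok in
                    shlex.split(entry.get("olcDbIDAssertBind", [""])[0]) if "=" in tok)
    if idassert.get("bindmethod") == "simple" and "credentials" in idassert:
        findings.append(("cleartext-credentials",
                         f"simple-bind password for {idassert['binddn']} sits in cn=config"))
    if "proxy-authz-non-critical" in idassert.get("flags", "").split(","):
        findings.append(("authz-non-critical", "if server2 ignores proxyAuthz, the "
                         "operation runs as the idassert binddn rather than the user"))
    return findings
```

Run it over a full `slapcat -n 0` dump by feeding the output to parse_ldif and calling audit_chain_db on every entry whose objectClass includes olcChainDatabase.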