Hello,
I use the rwm overlay to forward the authentication of some users to the general ldap replicas of my corp.
Part of slapd.conf:

###########################
...
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext bindDN
rwm-rewriteMap ldap mysearch "ldap://ldap.example.com:389/ou=users,dc=example,dc=com?dn?sub"
rwm-rewriteRule "^uid=([^,]+),ou=people,dc=[^,]+,dc=example,dc=com$" "${mysearch((&(objectClass=posixAccount)(uid=$1)))}" ":@I"

database ldap
suffix "ou=users,dc=example,dc=com"
uri "ldap://ldap.example.com:389/"
restrict read write extended

database bdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw mypassword
directory /var/db/openldap-data/mydb
...
############################

Now that I have converted the 'slapd.conf' to 'cn=config' with slaptest, the remote authentication has stopped working; and looking at cn=config, all the rules are there...

Any ideas?

Rafael NAVAZA.
Hi,
I got it working :
overlay rwm MUST be declared before "database config" in slapd.conf, then it will be placed in "olcDatabase={-1}frontend" when converting with "slaptest -f slapd.conf -F slapd.d"
Rafael.
Frava wrote:
Hi,
I got it working :
overlay rwm MUST be declared before "database config" in slapd.conf, then it will be placed in "olcDatabase={-1}frontend" when converting with "slaptest -f slapd.conf -F slapd.d"
Of course since you omitted that part of the slapd.conf you posted, nobody on the mailing list could have known this was relevant to your problem.
And for such global config items, you can eliminate all uncertainty by simply using "database frontend" to hold these overlays.
Rafael.
openldap-technical@openldap.org
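
An added example, not part of the thread and not OpenLDAP project code: a check, run after "slaptest -f slapd.conf -F slapd.d", that reports which cn=config database the rwm overlay ended up under and whether it is on "olcDatabase={-1}frontend". The function names are hypothetical, the sample tree is constructed, and the script assumes the usual slapd.d layout in which an overlay is stored as olcOverlay={M}rwm.ldif inside its database's directory.

```shell
#!/bin/sh
# Usage: sh check_rwm.sh /path/to/slapd.d   (no argument: constructed demo tree)

# Print the parent database entry of every rwm overlay found under
# <dir>/cn=config, e.g. "olcDatabase={-1}frontend" or "olcDatabase={0}config".
rwm_parent_dbs() {
    find "$1/cn=config" -type f -name 'olcOverlay={*}rwm.ldif' 2>/dev/null |
    while IFS= read -r f; do
        basename "$(dirname "$f")"
    done | sort
}

# Succeed only if an rwm overlay is attached to the frontend database,
# which is where the thread says it must be for the bindDN rewrite to work.
rwm_is_global() {
    rwm_parent_dbs "$1" | grep -qxF 'olcDatabase={-1}frontend'
}

# Build a constructed sample tree with an rwm overlay under database $2.
make_sample_tree() {
    mkdir -p "$1/cn=config/$2"
    printf 'dn: olcOverlay={0}rwm\nobjectClass: olcOverlayConfig\nobjectClass: olcRwmConfig\nolcOverlay: {0}rwm\n' \
        > "$1/cn=config/$2/olcOverlay={0}rwm.ldif"
}

dir=${1:-}
demo=
if [ -z "$dir" ]; then
    # Constructed case: the overlay was attached to a database other than
    # the frontend (here olcDatabase={0}config, chosen for illustration).
    demo=$(mktemp -d)
    dir=$demo
    make_sample_tree "$dir" 'olcDatabase={0}config'
fi

rwm_parent_dbs "$dir"
rwm_is_global "$dir" || echo "rwm overlay is not on olcDatabase={-1}frontend" >&2

# Remove the demo tree only if this script created it.
if [ -n "$demo" ]; then rm -rf "$demo"; fi
```
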