Hi folks,

My old chain configuration in slapd.conf works fine and looks like this:

################################################# moduleload back_ldap overlay chain chain-uri ldap://ldaps.example.com:389/ chain-rebind-as-user TRUE chain-idassert-bind bindmethod=simple binddn="cn=ldaps2,dc=example,dc=com" credentials=bilineatus mode=self chain-return-error TRUE ################################################# (Debian lenny, slapd v2.4.11-1)

Some research has led me to believe that the proper cn=config equivalent in LDIF format would start like this:

################################################# dn: cn=module{0},cn=config changetype: modify add: olcModuleLoad olcModuleLoad: {1}back_ldap

dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcChainConfig olcOverlay: {0}chain ################################################# (Debian squeeze, slapd v2.4.23-6)

Does that look correct? If so, could someone please explain how to translate the other chain overlay directives I've used as well?

I've tried translating the old configuration with slaptest, but it seems to ignore the existing chain configuration completely -- not even the back_ldap module gets loaded as a result.

I've also tried searching the schema for them with this command:

~# ldapsearch -LLQY EXTERNAL -H ldapi:/// -b cn=schema,cn=config \ -s base | grep -A 2 -i chain

However, the list of candidates that I've found with it seems incomplete:

slapd.conf chain overlay directive => cn=config equivalent attribute ---------------------------------------------------------------------- chain-cache-uri => olcChainCacheURI chain-chaining => olcChainingBehavior chain-idassert-bind => ?? chain-max-depth => olcChainMaxReferralDepth chain-rebind-as-user => ?? chain-return-error => olcChainReturnError chain-uri => ?? ?? => olcChainConfig ?? => olcChainDatabase

Can anyone fill in what's missing?

Thanks,

Jaap