Hi folks,
My old chain configuration in slapd.conf works fine and looks like this:
#################################################
moduleload back_ldap
overlay chain
chain-uri ldap://ldaps.example.com:389/
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=simple binddn="cn=ldaps2,dc=example,dc=com" credentials=bilineatus mode=self
chain-return-error TRUE
#################################################
(Debian lenny, slapd v2.4.11-1)
Some research has led me to believe that the proper cn=config equivalent in LDIF format would start like this:
#################################################
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}back_ldap

dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
#################################################
(Debian squeeze, slapd v2.4.23-6)
Does that look correct? If so, could someone please explain how to translate the other chain overlay directives I've used as well?
I've tried translating the old configuration with slaptest, but it seems to ignore the existing chain configuration completely -- not even the back_ldap module gets loaded as a result.
I've also tried searching the schema for them with this command:
~# ldapsearch -LLQY EXTERNAL -H ldapi:/// -b cn=schema,cn=config \
     -s base | grep -A 2 -i chain
However, the list of candidates that I've found with it seems incomplete:
slapd.conf chain overlay directive => cn=config equivalent attribute
----------------------------------------------------------------------
chain-cache-uri                    => olcChainCacheURI
chain-chaining                     => olcChainingBehavior
chain-idassert-bind                => ??
chain-max-depth                    => olcChainMaxReferralDepth
chain-rebind-as-user               => ??
chain-return-error                 => olcChainReturnError
chain-uri                          => ??
??                                 => olcChainConfig
??                                 => olcChainDatabase
Can anyone fill in what's missing?
Thanks,
Jaap
Quoting Jaap Winius jwinius@umrk.nl:
Attempting to answer my own question, my current configuration doesn't seem to want to work just yet, but the chain setup now looks like this:
#################################################
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: {1}back_ldap

dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainReturnError: TRUE

dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: ldap://ldaps.example.com:389/
olcDbRebindAsUser: TRUE
olcDbIDAssertBind: bindmethod=simple binddn="cn=ldaps2,dc=example,dc=com" credentials=bilineatus mode=self
#################################################
(Debian squeeze, slapd v2.4.23-6)
Does this look okay? At least it covers all the attributes I was missing.
Cheers,
Jaap
openldap-technical@openldap.org
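
The directive mapping worked out across the two messages above, mechanized as an added Python example (not code from the thread or from the OpenLDAP project): chain-specific directives go on the overlay entry, back-ldap directives on the olcChainDatabase child entry. The function names, the `{1}hdb` parent default and the line breaks in the sample input are assumptions; module loading is not handled.

```python
import re

OVERLAY_ATTRS = {  # set on the olcChainConfig overlay entry
    "chain-cache-uri": "olcChainCacheURI",
    "chain-chaining": "olcChainingBehavior",
    "chain-max-depth": "olcChainMaxReferralDepth",
    "chain-return-error": "olcChainReturnError",
}
DATABASE_ATTRS = {  # set on the olcChainDatabase (back-ldap) child entry
    "chain-uri": "olcDbURI",
    "chain-rebind-as-user": "olcDbRebindAsUser",
    "chain-idassert-bind": "olcDbIDAssertBind",
}
# Directives from the first message; the continuation line breaks are constructed.
SAMPLE_CONF = '''moduleload back_ldap
overlay chain
chain-uri ldap://ldaps.example.com:389/
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=simple
  binddn="cn=ldaps2,dc=example,dc=com"
  credentials=bilineatus mode=self
chain-return-error TRUE
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop blanks and comments."""
    joined = re.sub(r"\n[ \t]+(?=\S)", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.startswith("#")]

def chain_to_ldif(conf, parent="olcDatabase={1}hdb,cn=config"):
    """Return (ldif_text, unmapped chain-* directives); parent DN is assumed."""
    overlay_dn = "olcOverlay={0}chain," + parent
    overlay = ["dn: " + overlay_dn, "objectClass: olcOverlayConfig",
               "objectClass: olcChainConfig", "olcOverlay: {0}chain"]
    database = ["dn: olcDatabase={0}ldap," + overlay_dn, "objectClass: olcLDAPConfig",
                "objectClass: olcChainDatabase", "olcDatabase: {0}ldap"]
    unmapped = []
    for line in logical_lines(conf):
        key, value = (line.split(None, 1) + [""])[:2]
        if key in OVERLAY_ATTRS:
            overlay.append(f"{OVERLAY_ATTRS[key]}: {value}")
        elif key in DATABASE_ATTRS:
            database.append(f"{DATABASE_ATTRS[key]}: {value}")
        elif key.startswith("chain-"):
            unmapped.append(key)  # report instead of silently dropping
    # Emit the child entry only if a back-ldap directive was actually present.
    entries = [overlay] + ([database] if len(database) > 4 else [])
    return "\n\n".join("\n".join(e) for e in entries) + "\n", unmapped
```

Calling `chain_to_ldif(SAMPLE_CONF)` returns the overlay and database entries as LDIF text plus a list of any `chain-*` directives the table does not cover, so nothing from the old file is lost without notice.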