Openldap Chaining - openldap-technical

13 Feb 2013


      Hello guys here is my proceudre that I wrote for OpenLDAP chaining. My question is since I have a master and two slaves on the replication, where do these overlay go? On the slaves only or both master and slaves. Please respond. Thanks
·       
Create
/usr/local/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend
·       
Create
/usr/local/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend/olcOverlay={0}chain
·       
Add olcOverlay={0}chain.ldif to /usr/local/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend
dn: olcOverlay={0}chain
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: TRUE
structuralObjectClass:
olcChainConfig
·       
Add olcDatabase={0}ldap.ldif to
/usr/local/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend/olcOverlay={0}chain
dn: olcDatabase={0}ldap
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbStartTLS: none 
starttls=no
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
structuralObjectClass:
olcLDAPConfig
·       
Add olcDatabase={1}ldap.ldif to
/usr/local/etc/openldap/slapd.d/cn=config/olcDatabase={-1}frontend/olcOverlay={0}chain
dn: olcDatabase={1}ldap
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {1}ldap
olcDbURI: "ldap://master.dc.us"
olcDbStartTLS: none 
starttls=no
olcDbIDAssertBind: mode=self
flags=prescriptive,proxy-authz-non-critical bindm
ethod=simple timeout=0
network-timeout=0 binddn="cn=manager,o=dc,c=us”
credentials="l4s3rj3t"
keepalive=0:0:0
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
structuralObjectClass: olcLDAPConfig
·       
Restart
slapd