open ldap meta backend empty search - openldap-technical

17 Jun 2015


      Hi,
I have a problem with meta backend feature.
I need to get data from two different LDAP under a unique dn. The two ldap
are an active directory and another ldap that should be on the same Open
LDAP instance of the meta backend.
Actually to test the solution I'm usind Open LDAP Windows version.
This is my sladp config:
# LDIF Backend configuration file
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/nis.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/dyngroup.schema
pidfile ./run/slapd.pid
argsfile ./run/slapd.args
# Enable TLS if port is defined for ldaps
TLSVerifyClient never
TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCertificateFile ./secure/certs/server.pem
TLSCertificateKeyFile ./secure/certs/server.pem
TLSCACertificateFile ./secure/certs/server.pem
####META
database meta
suffix "dc=proxy,dc=company,dc=it"
rootdn "cn=Manager,dc=proxy,dc=company,dc=it"
rootpw           "secret"
uri "ldap://adhost:390/dc=proxy,dc=company,dc=it"
suffixmassage "dc=proxy,dc=company,dc=it" "dc=company,dc=cosmag,dc=it"
lastmod       off
idassert-bind
bindmethod=simple
binddn="cn=Manager,dc=company,dc=cosmag,dc=it"
credentials="password"
mode=none
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=proxy,dc=company,dc=it"
acl-authcDN "cn=Manager,dc=company,dc=cosmag,dc=it"
acl-passwd  "password"
uri "ldap://localhost:389/dc=proxy,dc=company,dc=it"
suffixmassage  "dc=proxy,dc=company,dc=it" "dc=portal,dc=company,dc=it"
lastmod       off
idassert-bind
bindmethod=simple
binddn="cn=Manager,dc=portal,dc=company,dc=it"
credentials="secret"
mode=none
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=proxy,dc=company,dc=it"
acl-authcDN "cn=Manager,dc=portal,dc=company,dc=it"
acl-passwd  "secret"
#######################################################################
# ldif database definitions
#######################################################################
database ldif
directory ./ldifdata
suffix "dc=portal,dc=company,dc=it"
rootdn "cn=Manager,dc=portal,dc=company,dc=it"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw    {SSHA}Bww72HPj9nrNxrLAQxuTqP1Z0zuafPPd
The server start normally, but when I do a search starting from base dn
"dc=proxy,dc=company,dc=it" nothing is returned:
ldapsearch -H ldap://localhost:389 -x -D
"cn=Manager,dc=proxy,dc=company,dc=it" -W -b "dc=proxy,dc=company,dc=it" -s
base -a always -z 1 "(objectClass=*)" "hasSubordinates" "objectClass"
# baseObject   : dc=proxy,dc=company,dc=it
# scope        : baseObject (0)
# derefAliases : derefAlways (3)
# sizeLimit    : 1
# timeLimit    : 0
# typesOnly    : False
# filter       : (objectClass=*)
# attributes   : hasSubordinates objectClass
#!SEARCH RESULT DONE (32) OK
#!CONNECTION ldap://localhost:389
#!DATE 2015-06-16T07:38:21.970
# numEntries : 0
Server log returns:
conn=1000 op=6 <<< meta_back_search_start[1]=0
 conn=1000 op=6 meta_back_search: ncandidates=0 cnd="**"
 conn=1000 op=6 meta_back_search: base="dc=proxy,dc=company,dc=it" scope=0:
no candidate could be selected
 send_ldap_result: conn=1000 op=6 p=3
 send_ldap_response: msgid=7 tag=101 err=52
Where is my mistake? There is something that I have missed in configuration?
Best Regards
Pierluca