Hi Folks,
I am having trouble configuring OpenLDAP to my requirements.
I am setting up an OpenLDAP server running on Solaris 10 x86 to use as an LDAP proxy authentication server.
My issue is that I can't get it to send authenticated simple binds to the backend LDAP system. I am running Wireshark and when I ldapsearch directly to the backend LDAP I see a bind which looks like this:

Lightweight-Directory-Access-Protocol
  LDAPMessage bindRequest(1) "cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com" simple
    messageID: 1
    protocolOp: bindRequest (0)
      bindRequest
        version: 3
        name: cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com
        authentication: simple (0)
          simple: 384174656C73747261316732

However when I initiate an ldapsearch to my local Solaris slapd and capture the proxied back-ldap bind to the backend LDAP system it looks like this:

Lightweight-Directory-Access-Protocol
  LDAPMessage bindRequest(1) "<ROOT>" simple
    messageID: 1
    protocolOp: bindRequest (0)
      bindRequest
        version: 3
        name:
        authentication: simple (0)
          simple: <MISSING>

I am having trouble working out from the documentation whether it should be acl-bind or idassert-bind or some other option which influences the backend bind. I have tried both of those to no avail. Here is the "database ldap" section from my slapd.conf:
#######################################################################
# ldap database definitions
#######################################################################
database ldap
uri "ldap://backendldap.core.dir.mycompany.com"
suffix "ou=People,ou=eProfile,dc=core,dc=dir,dc=mycompany,dc=com"
rootdn "dc=core,dc=dir,dc=mycompany,dc=com"
acl-bind bindmethod=simple
    binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
    credentials="password"
idassert-bind bindmethod=simple
    binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
    credentials="password"

overlay pcache
proxycache bdb 400 1 50 1200
directory /var/openldap-data
cachesize 10000
index cn,sn,uid pres,eq,sub
index objectclass eq
proxycachequeries 400
proxyattrset 0 uid mail cn sn givenName
proxytemplate (uid=) 0 600
proxytemplate (mail=) 0 600
proxytemplate (&(uid=)(mail=)) 0 600
Any help would be greatly appreciated.

Regards,
Rep
> Hi Folks,
> I am having trouble configuring OpenLDAP to my requirements.
> I am setting up an OpenLDAP server running on Solaris 10 x86 to use as an LDAP proxy authentication server.
> My issue is that I can't get it to send authenticated simple binds to the backend LDAP system. I am running Wireshark and when I ldapsearch directly to the backend LDAP I see a bind which looks like this:
>
> Lightweight-Directory-Access-Protocol
>   LDAPMessage bindRequest(1) "cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com" simple
>     messageID: 1
>     protocolOp: bindRequest (0)
>       bindRequest
>         version: 3
>         name: cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com
>         authentication: simple (0)
>           simple: 384174656C73747261316732
>
> However when I initiate an ldapsearch to my local Solaris slapd and capture the proxied back-ldap bind to the backend LDAP system it looks like this:
>
> Lightweight-Directory-Access-Protocol
>   LDAPMessage bindRequest(1) "<ROOT>" simple
>     messageID: 1
>     protocolOp: bindRequest (0)
>       bindRequest
>         version: 3
>         name:
>         authentication: simple (0)
>           simple: <MISSING>
>
> I am having trouble working out from the documentation whether it should be acl-bind or idassert-bind or some other option which influences the backend bind. I have tried both of those to no avail. Here is the "database ldap" section from my slapd.conf:
>
> #######################################################################
> # ldap database definitions
> #######################################################################
> database ldap
> uri "ldap://backendldap.core.dir.mycompany.com"
> suffix "ou=People,ou=eProfile,dc=core,dc=dir,dc=mycompany,dc=com"
> rootdn "dc=core,dc=dir,dc=mycompany,dc=com"
> acl-bind bindmethod=simple
>     binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
>     credentials="password"
> idassert-bind bindmethod=simple
>     binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
>     credentials="password"
The relevant directive is "idassert-bind", since you appear to be looking for an identity assertion. I hope what you posted was screwed up by the mailer: continuation lines must start with whitespace. What is missing above is the "mode=self" parameter to "idassert-bind". Try something like
idassert-bind bindmethod=simple
    binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
    credentials="password"
    mode=self
p.
> overlay pcache
> proxycache bdb 400 1 50 1200
> directory /var/openldap-data
> cachesize 10000
> index cn,sn,uid pres,eq,sub
> index objectclass eq
> proxycachequeries 400
> proxyattrset 0 uid mail cn sn givenName
> proxytemplate (uid=) 0 600
> proxytemplate (mail=) 0 600
> proxytemplate (&(uid=)(mail=)) 0 600
>
> Any help would be greatly appreciated.
>
> Regards,
> Rep
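A small lint for the two things the reply points at, continuation lines in slapd.conf that must start with whitespace and the missing mode=self on idassert-bind, as an added example that is not from the thread or from OpenLDAP itself; the sample block and its values are constructed, and the check only looks at idassert-bind because that is the directive the reply names.

```python
import shlex

# Constructed sample (hypothetical values): continuation lines indented as
# slapd.conf(5) requires, and mode=self present.
SAMPLE_CONF = """\
database ldap
uri "ldap://backendldap.core.dir.mycompany.com"
suffix "ou=People,ou=eProfile,dc=core,dc=dir,dc=mycompany,dc=com"
idassert-bind bindmethod=simple
    binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
    credentials="password"
    mode=self
"""

def parse_slapd_conf(text):
    """Return [(directive, [args])]; a line that starts with whitespace
    continues the previous directive, blank and '#' lines are skipped."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()  # continuation line
        else:
            logical.append(line.strip())
    parsed = [shlex.split(l) for l in logical]  # shell-style quoting, as slapd does
    return [(p[0], p[1:]) for p in parsed if p]

def check_idassert_bind(text):
    """Return a list of problems with the idassert-bind directive (empty if OK)."""
    directives = parse_slapd_conf(text)
    problems = []
    # binddn=/credentials=/mode= at the start of a line means a continuation
    # line lost its leading whitespace and was read as a directive of its own.
    for name, _ in directives:
        if name.startswith(("binddn=", "credentials=", "mode=")):
            problems.append("continuation line lost its leading whitespace: "
                            + name.split("=", 1)[0])
    idassert = [args for name, args in directives if name == "idassert-bind"]
    if not idassert:
        return problems + ["no idassert-bind directive"]
    params = dict(a.split("=", 1) for a in idassert[-1] if "=" in a)
    if params.get("bindmethod") == "simple":
        for req in ("binddn", "credentials"):
            if not params.get(req):
                problems.append(f"bindmethod=simple but {req} is missing")
    if params.get("mode") != "self":
        problems.append("mode=self is not set")
    return problems
```

Running it on a copy of the sample with the indentation stripped, as a mailer might deliver it, reports the lost continuation lines, the now-empty binddn and credentials, and the missing mode=self.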
openldap-technical@openldap.org