After patching, and using the same configuration as I had when the chain
overlay was causing issues with slapcat and
restarting slapd, I now get prompted with a referral instead of it being
automatically chased. However, it does
automatically fill in the DN and password to rebind with:
r...@somehost:~# ldapvi -h localhost --bind=simple -D
cn=admin,dc=example,dc=com -w `cat /etc/ldap.secret` --discover
159 entries read
add: 0, rename: 0, modify: 1, delete: 0
Action? [yYqQvVebB*rsf+?] y
Received referral to
ldap://ldapmaster.example.com/uid=ryans,ou=Users,dc=example,dc=com.
You are not logged in to ldap://ldapmaster.example.com:389 yet.
Type '!' or 'y' to do so.
Rebind? [y!nB*qQ?] y
--- Login
Type M-h for help on key bindings.
Filter or DN: cn=admin,dc=example,dc=com
Password: ***********
Bound as cn=admin,dc=example,dc=com.
Done.
Before, I never got prompted with this message when using ldapvi, which makes
me think that chaining is no longer
working. For reference, I am using the same configuration as is documented in
test022-ppolicy:
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb.la
olcModuleLoad: {1}autogroup.la
olcModuleLoad: {2}syncprov.la
olcModuleLoad: {3}back_ldap.la
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: ldap://ldapmaster.example.com
olcDbIDAssertBind: bindmethod=simple binddn="cn=admin,dc=example,dc=com"
credentials=SECRET mode=self
I am still looking in to what might be causing this to fail.
