DePriest, Jason R. wrote:
> I am a complete newbie with OpenLDAP. I have worked with Windows NT
> Domains and Active Directory for a long time. I've also worked with
> Microsoft ADAM and CA's eTrust Admin Directory.
>
> However, I am having trouble getting OpenLDAP to perform what I think
> are basic functions.
>
> I have a Debian GNU/Linux Etch system with a 2.6.18 kernel.
>
> slapd reports a version of 2.3.30.

slapd-ldap(5) saw some significant enhancement around 2.3.34 or so; I'd
recommend updating to the latest (2.3.37 right now).

> I have slapd running and I am able to authenticate with the local admin
> account.
>
> What I want is for it to take requests for domain.com, ask the real
> domain.com LDAP server (Active Directory) to handle it, then provide
> the answer to the client.
>
> I want to have an OpenLDAP server in my DMZ proxy connections to my
> internal network without actually storing any account information
> locally (except for the local admin).
>
> I think this is the relevant configuration information (comments removed):
>
> include /etc/ldap/schema/core.schema
> include /etc/ldap/schema/cosine.schema
> include /etc/ldap/schema/nis.schema
> include /etc/ldap/schema/inetorgperson.schema
> pidfile /var/run/slapd/slapd.pid
> argsfile /var/run/slapd/slapd.args
> loglevel 0
> modulepath /usr/lib/ldap
> moduleload back_bdb
> moduleload back_ldap moduleload rwm
> sizelimit 500
> tool-threads 1
>
> backend bdb
> checkpoint 512 30
>
> database ldap
> lastmod off

^^^ not needed

> uri "ldap://server.domain.com"
> map attribute uid sAMAccountName
> map attribute cn name
> map attribute mail userPrincipalName
> map objectclass account user
> map attribute *
> idassert-bind bindmethod=simple
> binddn="cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
> credentials="<password>"
> method=self
> chase-referrals yes

^^^ this might give undesired effects; only activate if strictly required,
and after careful testing.

> database bdb
> suffix "dc=domain,dc=com"
> rootdn "cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
> directory "/var/lib/ldap"
> dbconfig set_cachesize 0 2097152 0
> dbconfig set_lk_max_objects 1500
> dbconfig set_lk_max_locks 1500
> dbconfig set_lk_max_lockers 1500
> index objectClass eq
> lastmod on
> access to attrs=userPassword,shadowLastChange
> by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
> by anonymous auth
> by self write
> by * none
> access to dn.base="" by * read
> access to *
> by dn="cn=admin,dc=ftbco,dc=ftn,dc=com" write
> by * read
>
> Running this with: slapd -g openldap -u openldap -d 16383
>
> Gives a few errors such as:
>
> line 44 (checkpoint 512 30)
> /etc/ldap/slapd.conf: line 44: unknown directive <checkpoint> inside
> backend database definition (ignored).
>
> and
>
> /etc/ldap/slapd.conf: line 51: rewrite/remap capabilities have been
> moved to the "rwm" overlay; see slapo-rwm(5) for details (hint: add
> "overlay rwm" and prefix all directives with "rwm-").
>
> Adding the requested overlay line and changing the map to rwm-map
> doesn't help. I may be adding it in the wrong place.
> I always get:
>
> line 31 (overlay rwm)
> overlay "rwm" not found
> /etc/ldap/slapd.conf: line 31: <overlay> handler exited with 1!
>
> with the line number obviously different for the different places I've
> tried it.
>
> Yet, the rwm files are right where they should be:
>
> [EMAIL PROTECTED]:/etc/ldap# ls -l /usr/lib/ldap/rwm*
> lrwxrwxrwx 1 root root    17 2007-04-16 12:18 /usr/lib/ldap/rwm-2.3.so.0 -> rwm-2.3.so.0.2.18
> -rw-r--r-- 1 root root 33020 2007-03-08 23:45 /usr/lib/ldap/rwm-2.3.so.0.2.18
> -rw-r--r-- 1 root root   891 2007-03-08 23:45 /usr/lib/ldap/rwm.la
> lrwxrwxrwx 1 root root    17 2007-04-16 12:18 /usr/lib/ldap/rwm.so -> rwm-2.3.so.0.2.18
>
> Please tell me what simple step I am messing up?

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   [EMAIL PROTECTED]
---------------------------------------
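The two parse errors quoted in the thread come from directive placement: `checkpoint` is a per-database bdb directive, so it is rejected in a `backend bdb` section, and the rwm overlay has to be declared with `overlay rwm` inside the `database ldap` section it applies to, after the module has been loaded in the global section and before any `rwm-*` directive. The following slapd.conf sketch is an added example for slapd 2.3 and is not taken from either mail; the suffixes, host name, bind DN and password are placeholders, and giving the local bdb database its own suffix is an assumption made here because slapd refuses two databases that serve the same suffix. The `mode=none` idassert choice is also this example's, not the thread's: it binds to the remote server as the service account without asserting the client identity, and `idassert-authzFrom` limits which local identities may use that account.

```conf
# Global section: schema, module loading, limits (added example, not the thread's config)
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_ldap
moduleload      rwm            # must be loaded here, before any "overlay rwm"
sizelimit       500
tool-threads    1

# Proxy database: answers for dc=domain,dc=com, stores nothing locally
database        ldap
suffix          "dc=domain,dc=com"
uri             "ldap://server.domain.com"    # placeholder: the internal AD server
# Bind to AD as a service account for every proxied operation (mode=none: no
# proxied-authorization control is sent), and only on behalf of anonymous
# clients or the local admin entry defined in the bdb database below.
idassert-bind   bindmethod=simple
                binddn="cn=<USER>,ou=<CONTAINER>,dc=domain,dc=com"
                credentials="<password>"
                mode=none
idassert-authzFrom "dn.exact:cn=admin,dc=proxy-local"
idassert-authzFrom "dn.exact:"
# The overlay is declared inside this database, after uri, and its directives
# carry the rwm- prefix. Remote (AD) names on the right, client-visible on the left.
overlay         rwm
rwm-map         attribute uid sAMAccountName
rwm-map         attribute cn name
rwm-map         attribute mail userPrincipalName
rwm-map         objectclass account user
rwm-map         attribute *
# chase-referrals is left at its default, as advised in the reply above.

# Local database: holds only the proxy's own admin entry, under an assumed
# separate suffix so it does not collide with the proxied one.
database        bdb
suffix          "dc=proxy-local"
rootdn          "cn=admin,dc=proxy-local"
rootpw          "<admin password placeholder>"
directory       "/var/lib/ldap"
checkpoint      512 30          # per-database directive: belongs here, not under "backend bdb"
dbconfig        set_cachesize 0 2097152 0
dbconfig        set_lk_max_objects 1500
dbconfig        set_lk_max_locks 1500
dbconfig        set_lk_max_lockers 1500
index           objectClass eq
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
```

Before restarting the daemon, `slaptest -u -f /etc/ldap/slapd.conf` parses the file without opening the databases and reports the same directive-placement errors slapd would print at start-up, so the two messages from the thread can be checked for in isolation.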