Dieter Kluenter wrote:
Christian Roessner<[email protected]> writes:
Hi Dieter,
This depends :-)
But in most cases the overlays are an extension to a specific database
declaration
Ok, I have added it to the htb-part:
DN: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcChainConfig
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {0}chain
overlay chain
chain-uri ldap://foo/
chain-idassert-bind bindmethod=simple
binddn="..." credentials="..."
mode=self
flags=non-prescriptive
chain-rebind-as-user true
chain-return-error true
My problem is that I can not find the corresponding old-attributes. I
only could set:
olcChainCacheURI
olcChainMaxReferralDepth
olcChainReturnError
olcChainingBehavior
So, what have I done wrong?
There is nothing wrong. The chain overlay is derived from back-ldap,
that is, only attributes unknown to back-ldap, are specific to chain
overlay.
ldapsearch [-Y external -H ldapi:///]-b "cn=subschema" -s base + | grep
-A4 'olcLDAPConfig'
will show the missing attributes. But as man slapo-chain(5) mentions,
an extension of chain- will distinguish from other configuration
parameters. If this applies to cn=config related attributes I don't
know, as I don't have a chained replication setup. Others may answer
to this.
Under the covers, the chain overlay creates a private back-ldap instance. For
dynamically adding with cn=config, you have to create this instance yourself.
See the later section of test022-ppolicy in the test suite for an example of
how this is done.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
