I have three servers running OpenLDAP 2.4.
On the superior server (ldap://a.example.com) I have all account information. On the subordinate server (ldap://b.example.com) I have an address book. On the third server (ldap://c.example.com) I use an ldap backend to tie the two together.

Using the 3rd server (ldap://c.example.com) to search and modify, I can authenticate on the 1st server (a.example.com). But because no user account information is stored on the 2nd server (b.example.com), I can't authenticate there, or modify any entries there.

My question is: how do I set up the ability to change entries in the subordinate database if no entries there can be bound to?

Server 1:

   # cn=config fragment for the {1}hdb database on a.example.com
   olcSuffix: dc=example,dc=com
   olcDatabase: {1}hdb
   olcDbDirectory: /var/lib/ldap

With an entry like so:

   # smart referral: anything under ou=address is served by b.example.com
   dn: ou=address,dc=example,dc=com
   objectClass: extensibleObject
   objectClass: referral
   ou: address
   ref: ldap://b.example.com

Server 2:

   # global (cn=config) default referral for anything outside b's naming context
   olcReferral: ldap://a.example.com

   # the subordinate naming context, held in a {1}hdb database on b.example.com
   olcSuffix: ou=address,dc=example,dc=com
   olcDatabase: {1}hdb
   olcDbDirectory: /var/lib/ldap

With an entry:

   dn: cn=Bob,ou=address,dc=example,dc=com
   objectClass: inetOrgPerson
   cn: Bob
   givenName: Bob
   sn: Smith

Server 3:

   # ldap (proxy) backend on c.example.com: forwards dc=example,dc=com to a,
   # follows referrals it receives, and re-binds on the referred-to server
   # with the client's own credentials
   olcSuffix: dc=example,dc=com
   olcDatabase: {1}ldap
   olcDbURI: ldap://a.example.com
   olcDbRebindAsUser: TRUE
   olcDbChaseReferrals: TRUE

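A toy model of the flow described in the post, added here as an illustration; it is not OpenLDAP code and not part of the original message. Server a holds the accounts and the ou=address referral, server b holds only the address book, and the Proxy class stands in for server c's ldap backend with chase-referrals and rebind-as-user. The account uid=alice, the service account cn=proxy on b, the telephoneNumber change and all passwords are constructed for the example. What it shows is why the post's setup fails: a rebind-as-user chase is refused by b precisely because b has no account matching the user's DN, an anonymous chase is refused for writes, and only an identity that b itself can authenticate is able to perform the modify.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


class LdapError(Exception):
    pass


class InvalidCredentials(LdapError):
    pass


class ReferralReturned(LdapError):
    """The operation hit a referral entry; .url is where the client is sent."""

    def __init__(self, url: str):
        super().__init__(f"referral to {url}")
        self.url = url


def _under(dn: str, base: str) -> bool:
    """True if dn is base itself or lies below it (toy: lowercase string match)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)


@dataclass
class Server:
    """One slapd holding a single naming context (toy stand-in for a and b)."""
    url: str
    suffix: str
    entries: Dict[str, dict] = field(default_factory=dict)    # lowercase dn -> attrs
    passwords: Dict[str, str] = field(default_factory=dict)   # lowercase dn -> password (toy only)
    referrals: Dict[str, str] = field(default_factory=dict)   # glue dn -> ldap URL to refer to

    def bind(self, dn: Optional[str], password: Optional[str]) -> Optional[str]:
        """Simple bind: return the authenticated DN, None for anonymous, or raise."""
        if dn is None:
            return None
        if self.passwords.get(dn.lower()) != password:
            raise InvalidCredentials(f"{self.url}: no such account or bad password: {dn}")
        return dn

    def modify(self, bound_dn: Optional[str], target_dn: str, changes: dict) -> dict:
        """Apply changes; refer if the target sits under a referral entry; refuse anonymous writes."""
        if not _under(target_dn, self.suffix):
            raise LdapError(f"{self.url}: {target_dn} is outside {self.suffix}")
        for glue_dn, url in self.referrals.items():
            if _under(target_dn, glue_dn):
                raise ReferralReturned(url)
        if bound_dn is None:
            raise InvalidCredentials(f"{self.url}: anonymous write refused")
        entry = self.entries.get(target_dn.lower())
        if entry is None:
            raise LdapError(f"{self.url}: no such entry {target_dn}")
        entry.update(changes)
        return entry


@dataclass
class Proxy:
    """Toy stand-in for server c's ldap backend: forwards to `upstream`, chases referrals."""
    upstream: Server
    servers: Dict[str, Server]                       # url -> Server (stands in for the network)
    chase_referrals: bool = True
    rebind_as_user: bool = True
    service_binds: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # url -> (dn, pw)

    def modify(self, user_dn: str, user_pw: str, target_dn: str, changes: dict) -> dict:
        server = self.upstream
        bound = server.bind(user_dn, user_pw)        # the user's own bind against a
        while True:
            try:
                return server.modify(bound, target_dn, changes)
            except ReferralReturned as ref:
                if not self.chase_referrals:
                    raise
                server = self.servers[ref.url]
                if ref.url in self.service_binds:    # bind with an identity the target knows
                    bound = server.bind(*self.service_binds[ref.url])
                elif self.rebind_as_user:            # reuse the user's credentials on the target
                    bound = server.bind(user_dn, user_pw)
                else:
                    bound = None                     # chase anonymously


ALICE = "uid=alice,ou=people,dc=example,dc=com"     # constructed account on a
BOB = "cn=Bob,ou=address,dc=example,dc=com"         # the entry from the post, on b
SVC = "cn=proxy,ou=address,dc=example,dc=com"       # hypothetical service account on b


def build_lab() -> Tuple[Server, Server]:
    a = Server("ldap://a.example.com", "dc=example,dc=com",
               entries={ALICE: {"uid": "alice"}}, passwords={ALICE: "alice-pw"},
               referrals={"ou=address,dc=example,dc=com": "ldap://b.example.com"})
    b = Server("ldap://b.example.com", "ou=address,dc=example,dc=com",
               entries={BOB.lower(): {"cn": "Bob", "sn": "Smith"}, SVC: {"cn": "proxy"}},
               passwords={SVC: "svc-pw"})
    return a, b


def modify_bob(rebind_as_user: bool, use_service_bind: bool) -> str:
    """Drive one modify of Bob through the proxy and report the outcome."""
    a, b = build_lab()
    proxy = Proxy(upstream=a, servers={b.url: b}, rebind_as_user=rebind_as_user,
                  service_binds={b.url: (SVC, "svc-pw")} if use_service_bind else {})
    try:
        entry = proxy.modify(ALICE, "alice-pw", BOB, {"telephoneNumber": "555-0100"})
    except LdapError as err:
        return f"failed: {err}"
    return f"modified: telephoneNumber={entry['telephoneNumber']}"
```

The model ignores ACLs entirely; on a real b.example.com the service identity would additionally need write access granted through olcAccess, and in slapd-ldap a fixed bind identity for the proxied connection is configured on the proxy database (idassert-bind, olcDbIDAssertBind) rather than per referral as the toy does.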