On 2013-09-26 15:04, "Dieter Klünter" <[email protected]> wrote:
>Am Thu, 26 Sep 2013 17:23:42 +0000 >schrieb "Jancewicz, Russell" <[email protected]>: > >> It was modified from the generation of slapd-chain2.conf which also >> didn't work (I was working off the assumption that the overlay needed >> to be on olcDatabase={1}frontend) >> >> This is the slapd-chain2.conf file I am using (modified slightly) >> The only differences between this and the unmodified >> slapd-chain2.conf is the directory and the addition of chain-tls and >> chain-idassert-authzFrom to the "overlay chain" section. >> >> I'm generating my config with it with >> $ slaptest -f slapd-chain2.conf -F ./slapd.d-test/ >> >> >> """ >> include /etc/openldap/schema/core.schema >> include /etc/openldap/schema/cosine.schema >> include /etc/openldap/schema/inetorgperson.schema >> include /etc/openldap/schema/openldap.schema >> include /etc/openldap/schema/nis.schema >> >> database hdb >> directory /srv/ldap/example.com/ >> suffix "dc=example,dc=com" >> rootdn "cn=admin,dc=example,dc=com" >> rootpw secret >> >> overlay chain >> chain-uri ldap://master.example.com >> chain-idassert-bind bindmethod=simple binddn="dc=example,dc=com" >> credentials=secret mode=self >> chain-tls start >> chain-idassert-authzFrom "*" >> """ >[...] > >In this particular case chaining is a global configuration parameter, If that's the case what should I do to propagate writes/modifies from a *specific* database on my slave to a master? (ideally in cn=config style ldifs, not ldap.conf) Regardless if I apply it to the {-1}frontend or the {1}hdb both situations have resulted in the unwilling to perform error. >bear in mind that chaining confuration is based on back-ldap, thus you >may add configuration parameters from slapd-ldap(5) by attaching a >chain- prefix. > >[other global stuff] >overlay chain >chain-uri ldap://some.host >chain-idassert-bind > bindmethod=xxxxx > credentials=xxxx > mode=self > flags=non-prescriptive >chain-return-error TRUE >chain-rebind-as user TRUE > >database config >[...] >database mdb >[...] > > >-Dieter > > >-- >Dieter Klünter | Systemberatung >http://dkluenter.de >GPG Key ID:DA147B05 >53°37'09,95"N >10°08'02,42"E -Russell J. Jancewicz University of Connecticut
