Hello, I am trying to chain 2 LDAP masters (Providers):

My system is:
- 1 Master "central" with suffix="dc=com": it contains LDAP POSIX users like
"adminCentral".
- 1 Master "local" with suffix="dc=com": it contains LDAP POSIX users
like "adminlocal".
The goal is to chain requests when an LDAP client asks Master "local": the
latter shall chain the request to Master "central" and return the result to
the client.
For example, if "uid=adminCentral,User,dc=com" is not found in the Master "local"
LDAP, the Master "local" LDAP shall check whether this entry exists in Master
"central".


1) Is it possible for a Master to chain, via the overlay with the "olcDbURI"
parameter, to another master? I only see examples where Slaves (Consumers) are
chaining to a Master (Provider).

2) My Master "local" is configured with TLS: it has a Master_pem
certificate and a rootCA_local.pem (used in fact to authenticate a local slave
for replication). How can I have TLS between "Master local" and "Master central"?
If the rootCA_central.pem (trust chain) is not the same as the
rootCA_local.pem, how do I complete the trust chain of the Master local?

My work is based on the documentation:
http://www.zytrax.com/books/ldap/ch7/referrals.html#chaining (7.3.5).

but the full documentation is not available and I use dynamic configuration
with "olc".
I have also found, at
http://serverfault.com/questions/518407/openldap-2-4-chain-overlay-minimal-ldif-configuration
the Chain Overlay Minimal LDIF Configuration.
But the delegation does not work.
Does anyone have a tutorial?

My platform: CentOS 7
Best regards.
Fab

