Hello, I would like to clarify my problem:
My 2 LDAP servers (configured as providers) share the same tree (DIT) (same
part of the tree):
- "Server local" manages the whole tree with the structure:
dc=com
ou=People,dc=com
uid=local_admin,ou=People,dc=com
ou=Group,dc=com
- "Server central" manages a database with the SAME tree structure but with
other accounts
dc=com
ou=People,dc=com
uid=central_admin,ou=People,dc=com
ou=Group,dc=com
Is it possible to configure "Server local" to delegate the request to
"Server central" if an account is not found locally?
For example, with ldapsearch:
> ldapsearch -H ldaps://Server-local.com -b ou=dcom -w private -D "cn=Admin,dc=com" uid=central_admin mail -x -C
=> This fails: "Server local" does not return "Server central" to
ldapsearch.
However, if I change the DIT of "Server central" so that it is different, the
LDAP delegation works. For example:
- "Server central"'s DIT:
dc=com2
ou=People,dc=com2
uid=central_admin,ou=People,dc=com2
ou=Group,dc=com2
> ldapsearch -H ldaps://Server-local.com -b ou=com2 -w private -D "cn=Admin,dc=com" uid=central_admin mail -x -C
=> This works:
dn: uid=adminCentral,ou=People,dc=com2
mail: [email protected]
ldapsearch's traces contain the referral URL:
"ldap_chase_v3_referral: msgid 2, url "ldaps://Server-central.com/dc=com2??sub"
It seems that no referral is returned if the trees are identical: is it possible
to configure the LDAP server "local" to return the referral to the "central"
(root) if the local query fails?
The OpenLDAP Admin Guide (version 2.4), chapter 5.2.1.3 (olcReferral), says "This
directive specifies the referral to pass back when slapd cannot find a local
database to handle a request".
Best regards
Fb
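As an added illustration that is not part of the thread, the following Python models the check slapd makes before returning the global olcReferral: the search base is matched against each configured database suffix, so a base under dc=com is always handled by the local database (a missing entry there yields noSuchObject, not a referral), and only a base outside every suffix, such as dc=com2, receives the referral. The referral URL is a placeholder, and DN escaping is deliberately not handled.

```python
from typing import List, Optional, Tuple

# Added illustration (not from the thread): models the naming-context check
# slapd performs before falling back to the global olcReferral.
# Simplification: escaped commas and multi-valued RDNs are not handled.

def normalize_dn(dn: str) -> List[str]:
    """Split a DN into lower-cased 'attr=value' RDNs, dropping stray spaces
    such as in 'uid= central_admin ,ou=People,dc=com'."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns

def is_under_suffix(base: str, suffix: str) -> bool:
    """True when `base` equals `suffix` or lies below it (whole-RDN match)."""
    b, s = normalize_dn(base), normalize_dn(suffix)
    return len(b) >= len(s) and b[len(b) - len(s):] == s

def route_search(base: str, local_suffixes: List[str],
                 olc_referral: Optional[str]) -> Tuple[str, Optional[str]]:
    """Decide how slapd answers a search with the given base DN.

    ('local', suffix)      -> a configured database covers the base; a missing
                              entry there yields noSuchObject, never a referral.
    ('referral', url)      -> no database covers the base and olcReferral is set.
    ('noSuchObject', None) -> no database covers it and no global referral.
    """
    # Longest (most specific) suffix wins, as with nested databases.
    for suffix in sorted(local_suffixes, key=lambda s: -len(normalize_dn(s))):
        if is_under_suffix(base, suffix):
            return ("local", suffix)
    if olc_referral:
        return ("referral", olc_referral)
    return ("noSuchObject", None)

# Placeholder referral target; the thread's real hostname is not reused here.
CENTRAL = "ldaps://central.example.test"

def thread_cases() -> dict:
    """The two situations from the question, with 'Server local' holding dc=com."""
    local = ["dc=com"]
    return {
        "same_tree": route_search("uid= central_admin ,ou=People,dc=com", local, CENTRAL),
        "other_tree": route_search("uid=central_admin,ou=People,dc=com2", local, CENTRAL),
    }

if __name__ == "__main__":
    for name, outcome in thread_cases().items():
        print(f"{name}: {outcome}")
```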
-----Original Message-----
From: openldap-technical [mailto:[email protected]] On behalf of [email protected]
Sent: Sunday, 15 January 2017 13:00
To: [email protected]
Subject: openldap-technical Digest, Vol 110, Issue 14
Today's Topics:
1. Re: Generic Referrals never received. (Quanah Gibson-Mount)
----------------------------------------------------------------------
Message: 1
Date: Sat, 14 Jan 2017 11:57:57 -0800
From: Quanah Gibson-Mount <[email protected]>
To: BENICHOU Fabrice - Contractor
<[email protected]>,
[email protected]
Subject: Re: Generic Referrals never received.
Message-ID: <F3905FAB793AC520D721F0B1@[192.168.1.30]>
Content-Type: text/plain; charset=us-ascii; format=flowed
--On Friday, January 13, 2017 5:16 PM +0100 BENICHOU Fabrice - Contractor
<[email protected]> wrote:
> the configuration of "localserver.domain.com" is:
>
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /var/run/openldap/slapd.args
> olcPidFile: /var/run/openldap/slapd.pid
> olcTLSCACertificatePath: /etc/openldap/certs
> olcTLSCertificateFile: "OpenLDAP Server"
> olcTLSCertificateKeyFile: /etc/openldap/certs/password
> structuralObjectClass: olcGlobal
> creatorsName: cn=config
> olcReferral: ldaps://centralserver.domain.com
> olcLogLevel: -1
This is not a full configuration. It looks like you simply cut and pasted the
cn=config.ldif file. You would want to slapcat the cn=config DB to get the
full config database. I'm assuming you're trying to report a configuration
issue on your end with back-ldap or similar. You'd most likely want to only
provide the relevant configuration details for that portion of the
configuration database.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>