Ping a Specific Port

Question

vaab

Asked: 2016-08-03 02:48:39 +0800 CST2016-08-03 02:48:39 +0800 CST 2016-08-03 02:48:39 +0800 CST

How to set up correctly openldap subordination?

772

I can't get to make this configuration work as expected:

# Database LDAP for ldap1
database        ldap
suffix          "ou=ldap1,dc=local"
uri ldap://ldap1
idassert-bind bindmethod=simple
   binddn="cn=admin,dc=ext1"
   credentials="secret3"
   mode=none
   flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=manager,dc=local"
overlay rwm
rwm-suffixmassage   "ou=ldap1,dc=local" "dc=ext1"
subordinate

# Database LDAP for ldap2
database        ldap
suffix          "ou=ldap2,dc=local"
uri  ldap://ldap2
idassert-bind bindmethod=simple
  binddn="cn=admin,dc=ext2"
  credentials="secret2"
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=manager,dc=local"
overlay rwm
rwm-suffixmassage   "ou=ldap2,dc=local" "dc=ext2"
subordinate

# Database LDAP for local Manager authentication
database ldap
readonly                yes
suffix "dc=local"
rootdn "cn=manager,dc=local"
rootpw secret1

Knowing that in ldap2, there's an entry for "cn=test", I'm only wanting that querying the master LDAP server (with base: "dc=local) would work, so basically, I'm looking to make this work:

 ldapsearch -x -b "dc=local" -D "cn=manager,dc=local" cn=test -H ldap://localhost -w secret1

Actually this query will stall...

Of course, querying the subordinate with base "ou=ldap2,dc=local" works flawlessly and return the correct entry. This is the query that works:

 ldapsearch -x -b "ou=ldap2,dc=local" -D "cn=manager,dc=local" cn=test -H ldap://localhost -w secret1

What is my mistake ? I'd like to glue both server to effectively search between both ldap1 and ldap2 servers with one request on the master.

1 Answers

Voted

vaab · Answer 1 · 2016-08-03T06:24:44+08:00

vaab

2016-08-03T06:24:44+08:002016-08-03T06:24:44+08:00

What was missing for the subtree search to work with dc=local base is the actual root object in the database for dc=local.

So I had to switch to mdb for the main database on suffic dc=local to have a dummy database where I could actually add new objects.

I had also to remove the readonly yes statement of course.

And then I prepared this base.ldif file and added it to the base database:

cat <'EOF' > /tmp/base.ldif
dn: dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: Local
dc: local
EOF
ldapadd -h ldap://MYMASTERHOST -D cn=manager,dc=local -w secret1 -f /tmp/base.ldif

Then, both ldapsearch on the base dc=local and on subtree ou=ldap2,dc=local where working as expected.

I didn't forget to put back the readonly yes statement as I don't need to store anything in the master database.

1

How to set up correctly openldap subordination?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?