Hi Folks,

I am having trouble configuring openldap to my requirements.

I am setting up an openldap server running on Solaris 10 x86 to use as
an LDAP proxy authentication server.

My issue is that I can't get it to send authenticated simple binds to the
backend LDAP system. I am running Wireshark, and when I ldapsearch directly to
the backend LDAP I see a bind which looks like this :-
Lightweight-Directory-Access-Protocol
    LDAPMessage bindRequest(1) "cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com" simple
        messageID: 1
        protocolOp: bindRequest (0)
            bindRequest
                version: 3
                name: cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com
                authentication: simple (0)
                    simple: 384174656C73747261316732

However, when I initiate an ldapsearch to my local Solaris slapd and capture
the proxied backldap bind to the backend LDAP system, it looks like this :-
Lightweight-Directory-Access-Protocol
    LDAPMessage bindRequest(1) "<ROOT>" simple
        messageID: 1
        protocolOp: bindRequest (0)
            bindRequest
                version: 3
                name:
                authentication: simple (0)
                    simple: <MISSING>

I am having trouble working out from the documentation if it should be
acl-bind or idassert-bind or some other option which influences the backend
bind. I have tried both those to no avail.
Here is the "database ldap" section from my slapd.conf

#######################################################################
# ldap database definitions
#######################################################################
database ldap
uri "ldap://backendldap.core.dir.mycompany.com"
suffix "ou=People,ou=eProfile,dc=core,dc=dir,dc=mycompany,dc=com"
rootdn "dc=core,dc=dir,dc=mycompany,dc=com"
acl-bind bindmethod=simple
    binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
    credentials="password"
idassert-bind bindmethod=simple
    binddn="cn=mybindid,cn=users,dc=core,dc=dir,dc=mycompany,dc=com"
    credentials="password"
overlay pcache
proxycache bdb 400 1 50 1200
directory       /var/openldap-data
cachesize 10000
index cn,sn,uid pres,eq,sub
index objectclass eq

proxycachequeries 400
proxyattrset 0 uid mail cn sn givenName
proxytemplate (uid=) 0 600
proxytemplate (mail=) 0 600
proxytemplate (&(uid=)(mail=)) 0 600

Any help would be greatly appreciated

Regards Rep
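
An added example, not part of the original post: the second capture above, with an empty name and an empty simple credential, has the shape RFC 4513 calls an anonymous simple bind. The sketch below decodes a raw BindRequest and classifies it the same way; the function names, sample DN and sample password are constructed for illustration.

```python
# Added example: classify an LDAPv3 BindRequest (RFC 4511) from its raw BER bytes.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(packet):
    """Return (bind_dn, kind) for one LDAPMessage carrying a BindRequest."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(msg, 0)           # messageID
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(bind, 0)          # version
    _, name, pos = read_tlv(bind, pos)     # bind DN ("name" in the captures)
    tag, cred, _ = read_tlv(bind, pos)     # authentication choice
    dn = name.decode("utf-8")
    if tag != 0x80:                        # [0] simple; anything else is e.g. SASL [3]
        return dn, "non-simple"
    if not cred:                           # empty password: RFC 4513 5.1.1 / 5.1.2
        return dn, "unauthenticated" if dn else "anonymous"
    return dn, "authenticated-simple"

def tlv(tag, body):
    """Encode a short (<128 byte) BER element; used only to build the samples."""
    return bytes([tag, len(body)]) + body

def sample_bind(dn, password):
    # Constructed sample: messageID 1, version 3, simple authentication.
    req = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, req))

if __name__ == "__main__":
    for dn, pw in [("cn=proxy,dc=example,dc=com", "secret"), ("", ""),
                   ("cn=proxy,dc=example,dc=com", "")]:
        print(classify_bind(sample_bind(dn, pw)))
```

Run against the payload of each captured bind, this separates a proxy that forwards real credentials from one that falls back to an anonymous bind.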
