Hello,

I'm pretty new to this list, and maybe/hopefully someone could help ...

I work at a chair at a German university, and we would like to use the central AD of that university for our chair - by using a ldap-proxy system, so that there's only one connection to the central AD, and not ~70 (all of our computers, etc.).
I can search the AD by using this (modified) command:
ldapsearch -LLL "(cn=FIRSTNAME LASTNAME)" -H ldaps://ldap.UNIVERSITY.de -b dc=university,dc=de -D cn=special,ou=group,dc=university,dc=de -W

For locally installed applications I can use this /etc/pam_ldap.conf:
uri ldaps://ldap.university.de
host ldap.university.de
base ou=group,ou=hosts,dc=university,dc=de
ldap_version 3
binddn cn=special,ou=group,dc=university,dc=de
bindpw password
pam_password crypt
ssl start_tls
ssl on

To set up the local ldap-proxy, I tried to follow this description, but it won't work (and I guess it's not really correct, as the config-file is there twice):
https://doc.owncloud.com/server/admin_manual/configuration/ldap/ldap_proxy_cache_server_setup.html
When running "slaptest -f /etc/ldap/slapd.conf" I get these errors:
5ebd3ec5 /etc/ldap/slapd.conf: line 102: warning, source attributeType 'dn' should be defined in schema
5ebd3ec5 PROXIED attributeDescription "DN" inserted.
5ebd3ec5 hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/ldap: (2).
Expect poor performance for suffix "ou=group,ou=hosts,dc=university,dc=de".
5ebd3ec5 hdb_db_open: database "ou=lsafp,ou=hosts,dc=university,dc=de": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
5ebd3ec5 backend_startup_one (type=hdb, suffix="ou=group,ou=hosts,dc=university,dc=de"): bi_db_open failed! (2)
5ebd3ec5 backend_startup_one (type=ldap, suffix="ou=group,ou=hosts,dc=university,dc=de"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

Now my questions:
- where and how to put the data to do a query versus the central AD? (binddn & bindpw part)
- where to define the local ldap-database? (I guess that has to be created and will be filled automatically...?)

The system I'm using is a Debian 10.4 one.
slapd -V:
@(#) $OpenLDAP: slapd  (Apr 20 2020 18:19:54) $
Debian OpenLDAP Maintainers <[email protected]>

Sorry, English is not my native language ...

Thanks a lot for reading! ;)

Cheers,
Torsten
