Subject: Problem with chain overlay
From: Klaus Nagel (m_a_@web.de)
Date: Feb 2, 2010 8:10:39 am
List: org.openldap.openldap-technical

Hello, I have a little problem with the chain overlay and hope someone can help me. I have a master and a slave server (both Debian lenny with OpenLDAP 2.4.11) and a normal syncrepl replication between both, but I can't get the chain working.

my slave slapd.conf entries:

moduleload back_ldap
overlay chain
chain-uri "ldap://10.8.0.1:389/"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=simple binddn="cn=admin,dc=test,dc=de" credentials=testpw mode=self
chain-tls start
chain-return-error TRUE

If I try to delete an entry with ldapdelete on the slave server:

ldapdelete -xD "cn=admin,dc=test,dc=de" -w testpw cn=abc,ou=Verteiler,dc=test,dc=de

Log from slave server:

conn=1 fd=13 ACCEPT from IP=127.0.0.1:48451 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" method=128
conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
conn=1 op=1 RESULT tag=107 err=8 text=
conn=1 op=2 UNBIND
conn=1 fd=13 closed

Log from master server:

conn=83 fd=15 ACCEPT from IP=10.8.0.2:44720 (IP=0.0.0.0:389)
conn=83 op=0 BIND dn="" method=128
conn=83 op=0 RESULT tag=97 err=0 text=
conn=83 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
conn=83 op=1 RESULT tag=107 err=8 text=modifications require authentication
conn=83 op=2 UNBIND
conn=83 fd=15 closed

...it seems to me that the bind-dn will not be transmitted and I don't see any start-tls entries. ...any hints for me?

best regards: Klaus
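
An added example, not part of the original message: a Python script that correlates the slapd log lines quoted above per connection and reports, for each write operation, the bind DN in effect, whether a STARTTLS operation was logged on that connection, and the result code. The function name `write_ops` and the record layout are assumptions of this sketch; the log excerpts are taken from the message.

```python
import re

# Excerpts of the slave and master logs quoted in the message above.
SLAVE_LOG = '''conn=1 fd=13 ACCEPT from IP=127.0.0.1:48451 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" method=128
conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
conn=1 op=1 RESULT tag=107 err=8 text='''
MASTER_LOG = '''conn=83 fd=15 ACCEPT from IP=10.8.0.2:44720 (IP=0.0.0.0:389)
conn=83 op=0 BIND dn="" method=128
conn=83 op=0 RESULT tag=97 err=0 text=
conn=83 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
conn=83 op=1 RESULT tag=107 err=8 text=modifications require authentication'''

OP_LINE = re.compile(r'conn=(\d+) op=(\d+) (\w+)(.*)')
WRITE_OPS = {"ADD", "DEL", "MOD", "MODRDN"}

def write_ops(log):
    """Per write operation: bind DN in effect, StartTLS state, result code."""
    requested, bound, tls, pending, done = {}, {}, set(), {}, []
    for line in log.splitlines():
        m = OP_LINE.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= field
        conn, op, verb, rest = m.groups()
        dn = re.search(r'dn="([^"]*)"', rest)
        err = re.search(r'\berr=(\d+)', rest)
        if verb == "BIND" and "method=" in rest:
            requested[conn, op] = dn.group(1)
        elif verb == "STARTTLS":
            tls.add(conn)
        elif verb in WRITE_OPS and dn:
            pending[conn, op] = {"conn": conn, "op": verb, "target": dn.group(1),
                                 "bind_dn": bound.get(conn, ""), "starttls": conn in tls}
        elif verb == "RESULT" and (conn, op) in requested:
            dn_req = requested.pop((conn, op))
            # A failed bind leaves the connection anonymous.
            bound[conn] = dn_req if err.group(1) == "0" else ""
        elif verb == "RESULT" and (conn, op) in pending:
            rec = pending.pop((conn, op))
            rec["err"] = int(err.group(1))
            done.append(rec)
    return done

if __name__ == "__main__":
    for name, log in (("slave", SLAVE_LOG), ("master", MASTER_LOG)):
        for r in write_ops(log):
            print(name, r["op"], r["target"], "as", r["bind_dn"] or "<anonymous>",
                  "starttls:", r["starttls"], "err:", r["err"])
```

Run on the two excerpts, it shows the DEL arriving on the master over an anonymous bind (`dn=""`) with no STARTTLS logged, while the same DEL on the slave was issued as `cn=admin,dc=test,dc=de`; LDAP result code 8 is strongerAuthRequired.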