>Thanks Alex for replying,
>...
>...
OK, a day's work has led me to discover that apt-get purge --auto-remove 
slapd ldap-utils does not actually purge slapd or ldap-utils, but appears to 
uninstall them and purge all their dependencies. I think this was behind my 
larger issues with OpenLDAP; apt-get purge slapd ldap-utils fixed that for me. 
I am now circling back around to my original problem.

To clarify, there are 2 servers.

DC Server - AD set up, internal users and groups and policy etc. All working 
fine.
Ubuntu server - OpenLDAP set up, external users' usernames and passwords. We 
need our various web apps to point to this for authentication and return users 
from either of the DSAs.

Backend of OpenLDAP currently set up like this (basically straight from a 
tutorial) -

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb
olcModuleload: back_ldap


# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=companyname,dc=local
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=companyname,dc=local
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=companyname,dc=local" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=companyname,dc=local" write by * read

I am trying to get the proxy set up at dc=AD,dc=companyname,dc=local.

So far my slapd.conf is -
# AD server proxy
database ldap
suffix "dc=AD,dc=companyname,dc=local"
uri ldap://companyname.local/
idassert-bind bindmethod=simple
binddn="cn=admin,dc=companyname,dc=local"
credentials=secret
authzID="dn:cn=admin,dc=companyname,dc=local"

However, on running slaptest I get
slapd.conf: line 4: <suffix> invalid DN 21 (Invalid syntax)
slaptest: bad configuration directory!

I tried suffix with and without the "s to no avail.
A side question which neither man slaptest nor Google has answered for me 
thus far: will slaptest add the configuration to slapd.d or overwrite it?

I do totally get that I am basically asking someone to do my job for me here, 
which is not a habit I like to cultivate but I would be eternally grateful if 
anyone could just point me in the right direction. I have done enough tech 
support to be frustrated to be on this side of the RTFM coin but I assure you I 
have trawled man pages, tutorials and forums before I came here.
