Reinhard Nappert wrote:
You cannot chain the directory manager user (aka rootdn). I'm assuming you're doing a search likeHi,I have two LDAP Servers setup (Server A and Server B). Both of them have the identical suffix (o=suffix). Again, both of them have a people organizational unit (ou=people,o=suffix). Server B has a big subtree (ou=region B,ou=people,o=suffix). My intension is to create a db link on Server A, which links to the ou=region B,ou=people,o=suffix subtree on Server B. I did create the database link and a new suffix l=location B,ou=people,o=suffix on Server A with the following entries: dn: cn=serverBlink,cn=chaining database,cn=plugins,cn=configobjectclass: top objectclass: extensibleObject objectclass: nsBackendInstance nsslapd-suffix: ou=region B,ou=people,o=suffix nsfarmserverurl: ldap://serverB:389/ nsmultiplexorbinddn: cn=proxy admin,cn=config nsmultiplexorcredentials: secret cn: serverBlinkdn: cn="l=location B,ou=people,o=suffix",cn=mapping tree,cn=configobjectclass: top objectclass: extensibleObject objectclass: nsMappingTree nsslapd-state: backend nsslapd-backend: serverBlink nsslapd-parent-suffix: "ou=people,o=suffix " cn: "l=location B,ou=people,o=suffix"I am only interested in reading the server B information, when accessing from server A. The "proxy admin" user was created as well. When I do a search with the base l=location B,ou=people,o=suffix, accessing server A, I always get the following error "Proxy dn should not be rootdn". What did I miss for the setup?
ldapsearch -D "cn=directory manager" ... This will not work - you must use a user other than directory manager.
Thanks,-Reinhard-------------------------------------------------------------------------- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
