[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#3860) Referral chasing in back-ldap with rootdn
raphael.ouazana@linagora.com wrote:
>Full_Name: Raphael Ouazana
>Version: 2.2.27
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (82.224.39.128)
>
>
>
>When I bind with rootdn the referrals are chased but as anonymous.
>A pseudoroot directive as in back-meta could be a good fix...
>
>
The pseudo-root DN directive was a (partly broken) attempt to provide
some means to circumvent the need to accessing the remote server with a
valid identity instead of anonymously. Back-ldap, in 2.3, has a much
more powerful means to assert identities, the "idassert" feature. One
of its possible uses, which does not need the remote server to support
the proxyAuthz control, is to map selected identities on another
idenityt that is used to bind to the remote host. I would consider
upgrading to 2.3 since it is unlikely tht any new feature is added to 2.2.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497