
Re: proxyAttrSet: Only using the LAST value



> I'm trying to get Proxy Cache to work on my 2.2.23 OpenLDAP
> server. Again. Previous attempt (a few months ago) didn't
> succeed and I failed to document what I was doing and why :)
>
> ----- s n i p -----
> proxyattrset            0 uid uidNumber gidNumber loginShell homeDirectory
> proxyattrset            0 uid
> proxytemplate           (uid=) 0 3600
> ----- s n i p -----
>
> Work below means that I get what I ask for, but it's not cached...
>
>
> A search with 'uid=turbo uid' works as expected, but not a search
> with 'uid=turbo uid uidNumber gidNumber loginShell homeDirectory'.
>
> Swapping the two first (proxyattrset) lines makes the second search
> work, but not the first.

I think you need different indices for different proxyattrset, e.g.

proxyattrset            0 uid uidNumber gidNumber loginShell homeDirectory
proxyattrset            1 uid
proxytemplate           (uid=) 0 3600
proxytemplate           (uid=) 1 3600

On the contrary, you can have multiple proxytemplate use the same
proxyattrset,

proxyattrset            0 uid uidNumber gidNumber loginShell homeDirectory
proxytemplate           (uid=) 0 3600
proxytemplate           (cn=) 0 3600

Of course you need to configure 2 attrsets/templates within the
"proxycache" directive (arg#3, 0-based).

>
>
> Another thing - proxying SASL auths. I found my own thread
> from July ('slapd-{ldap,meta} && autentication') that that
> wasn't supported in slapd-meta. Is this still the case (I
> _THINK_ I was playing with 2.1 at the time, so HEAD _should_
> be what we're now calling 2.2)?

No, there's nothing like that in 2.2 (and likely there won't); it's going
to be in 2.3 (actually, it's in 2.3 alphas).

> I could get everything but SASL auth to work with slapd-meta,
> but I still wanted to try out slapd-ldap.
> That isn't working AT ALL. The slave is doing an anonymous
> bind against the master, despite 'proxyauthzdn', 'rootdn'
> or 'binddn' so I'm not getting ANYTHING back...

I'm not sure about what you can do for that in 2.2, but note that even 2.3
is not going to forward sasl authentication anyway.  All it's going to do
is to proxyAuthz __local__ identities, optionally using a SASL bind as
administrative user.  I don't think proxying SASL binds is at all
possible.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
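
The index problem discussed in this thread can be caught before slapd is restarted. The following is an added example, not part of the original message or of OpenLDAP: a small checker that flags a reused proxyattrset index, a proxytemplate pointing at an undefined index, and a proxycache attrset count (arg#3, 0-based) that disagrees with the definitions. The function name `check_pcache` and the proxycache values in the sample input are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed input: the directives quoted in the question, plus a proxycache
# line whose values are made up for illustration.
BROKEN = """\
proxycache      bdb 100000 1 1000 100
proxyattrset    0 uid uidNumber gidNumber loginShell homeDirectory
proxyattrset    0 uid
proxytemplate   (uid=) 0 3600
"""

# The layout suggested in the reply, with proxycache arg#3 raised to 2.
FIXED = """\
proxycache      bdb 100000 2 1000 100
proxyattrset    0 uid uidNumber gidNumber loginShell homeDirectory
proxyattrset    1 uid
proxytemplate   (uid=) 0 3600
proxytemplate   (uid=) 1 3600
"""

def check_pcache(conf):
    """Return findings about proxyattrset/proxytemplate index usage."""
    declared = None               # proxycache arg#3 (0-based): attrset count
    attrsets = defaultdict(list)  # attrset index -> defining line numbers
    templates = []                # (line number, attrset index referenced)
    for lineno, raw in enumerate(conf.splitlines(), 1):
        args = raw.split()
        if not args or args[0].startswith("#"):
            continue
        key = args[0].lower()
        if key == "proxycache" and len(args) > 3:
            declared = int(args[3])
        elif key == "proxyattrset" and len(args) > 1:
            attrsets[int(args[1])].append(lineno)
        elif key == "proxytemplate" and len(args) > 2:
            templates.append((lineno, int(args[2])))
    findings = []
    for idx, lines in sorted(attrsets.items()):
        if len(lines) > 1:
            findings.append(f"attrset index {idx} reused on lines {lines}")
    for lineno, idx in templates:
        if idx not in attrsets:
            findings.append(f"line {lineno}: template uses undefined attrset {idx}")
    if declared is not None and declared != len(attrsets):
        findings.append(f"proxycache declares {declared} attrsets, found {len(attrsets)}")
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_pcache(conf) or "ok")
```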