[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: chain and ppolicy question

To: Tony Earnshaw <tonni@hetnet.nl>
Subject: Re: chain and ppolicy question
From: Gavin Henry <ghenry@suretecsystems.com>
Date: Thu, 06 Dec 2007 22:13:06 +0000
Cc: openldap-software@openldap.org
In-reply-to: <474AF413.5010402@hetnet.nl>
Organization: Suretec Systems Ltd.
References: <474AF413.5010402@hetnet.nl>
User-agent: Thunderbird 2.0.0.9 (X11/20071031)

Tony Earnshaw wrote:

OpenLDAP 2.3.38.
My site is implementing ppolicy on a 4-server OpenLDAP/RHEL5 setup. I
have a problem with chaining referrals from the 3 slaves to the master.
I followed the slapo-chain man page and chaining works:
moduleload      back_ldap.la
overlay chain
chain-uri               "ldaps://mercurius.intern"
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=proxy,dc=barlaeus,dc=nl"
                        credentials="secret"
chain-return-error      true
cn=proxy,dc=barlaeus,dc=nl is the rootdn on all servers, thus also on
the master.
The rootdn is not able to update passwords. I have no idea why the rootdn shouldn't be able to update passwords (PASSMOD). However, it seems to me that the chaining from the slave should be carried out as the actual user and not rootdn. I can find nothing in slapo-chain or slapd-ldap that lists this possibility.
Can anyone here help with this?


What are you logs/-d saying?

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Follow-Ups:
- Re: chain and ppolicy question
  - From: Tony Earnshaw <tonni@hetnet.nl>

Prev by Date: RE: Active/Active servers
Next by Date: RE: Active/Active servers
Index(es):
- Chronological
- Thread