
Re: Proxy Auth Question



----- "Yeargan Yancey" <yancey@unt.edu> wrote:

> My goal is to configure OpenLDAP as a proxy to provide e-mail  
> addresses to the public (via anonymous simple binds) using an LDAP  
> back-end which requires authenticated simple binds.
> 
> Public access to this server will be anonymous only and read-only.  All  
> non-anonymous bind attempts are transformed to anonymous using  
> authz-regexp ".+" "dn:".
> 
> However, I need all binds to the back-end LDAP service to use a  
> specific account. I've looked at the docs and the list archives for  
> information related to "idassert-bind" but I'm not understanding it  
> well enough.
> 
> I tried this ...
> 
> idassert-authzFrom "dn:*"
> idassert-bind    bindmethod="simple"
>                   binddn="cn=info,o=org"
>                   credentials="password"
> 
> but that does not seem to be working for me.  I'm getting anonymous  
> binds on the back-end.  Is it possible to do what I'm asking?  If so, 

you're missing the "mode=none" parameter.

p.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
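
The fix suggested in the reply, written out as a slapd.conf fragment for the back-ldap proxy. This is an added example, not part of the original messages: the `suffix`, `uri` and `readonly` lines are assumptions, and the comments on mode behaviour follow slapd-ldap(5).

```conf
# Proxy database (added example). The suffix and uri values are constructed
# placeholders; the bind DN and password are the ones quoted in the post.
database        ldap
suffix          "o=org"
uri             "ldap://backend.example.org/"

# Assumption: refuse writes at the proxy, since the public side is meant to
# be read-only and every request will run with the service account's rights.
readonly        on

# Which local identities may use identity assertion (as in the original post).
idassert-authzFrom "dn:*"

# As posted: no mode= given, so the default (legacy) applies. In legacy mode
# the proxy binds as binddn only to assert a non-anonymous client identity,
# so anonymous clients reach the back-end as anonymous.
#idassert-bind  bindmethod="simple"
#               binddn="cn=info,o=org"
#               credentials="password"

# With mode=none the proxy always binds as binddn and sends no proxyAuthz
# control, so every back-end operation runs as cn=info,o=org.
idassert-bind   bindmethod="simple"
                binddn="cn=info,o=org"
                credentials="password"
                mode=none
```

Because `credentials` is stored in clear text, slapd.conf should be readable only by the account slapd runs as. The back-end account `cn=info,o=org` should be granted read access to the published attributes and nothing more.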