[Date Prev][Date Next] [Chronological] [Thread] [Top]

chaining and proxy

To: openldap-software@openldap.org
Subject: chaining and proxy
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Mon, 29 Sep 2008 22:09:24 +0200
User-agent: Thunderbird 2.0.0.17 (X11/20080926)

Hello.

I successfully setup the chain overlay, so as to push changes from a slave to a master, with something as: overlay chain chain-uri "ldap://ldap1.domain.tld"; chain-idassert-bind bindmethod="simple" binddn="cn=chain,ou=roles,dc=domain,dc=tld" credentials="s3cr3t" mode="self" chain-idassert-authzFrom "*" chain-tls start chain-return-error TRUE

I'm curious, tough, why the slave has to use a proxy identity to authenticate on the master, instead of reusing original query credentials. Is there something preventing it, or is just that all examples I found sofar were using it ?

I was also curious to know if the slapauth tool was usable to test such kind of proxy setup. Reading the man page, it seems rather adapted to testing identity mapping through authz-regexp directives.

Follow-Ups:
- Re: chaining and proxy
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: size of DB files not decreasing
Next by Date: Re: chaining and proxy
Index(es):
- Chronological
- Thread