[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3860) Referral chasing in back-ldap with rootdn

raphael.ouazana@linagora.com wrote:

>Full_Name: Raphael Ouazana
>Version: 2.2.27
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (
>When I bind with rootdn the referrals are chased but as anonymous.
>A pseudoroot directive as in back-meta could be a good fix...
The pseudo-root DN directive was a (partly broken) attempt to provide 
some means to circumvent the need to accessing the remote server with a 
valid identity instead of anonymously.  Back-ldap, in 2.3, has a much 
more powerful means to assert identities, the "idassert" feature.  One 
of its possible uses, which does not need the remote server to support 
the proxyAuthz control, is to map selected identities on another 
idenityt that is used to bind to the remote host.  I would consider 
upgrading to 2.3 since it is unlikely tht any new feature is added to 2.2.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497