[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3860) Referral chasing in back-ldap with rootdn

On Wed, July 13, 2005 16:10, Pierangelo Masarati wrote:
> The pseudo-root DN directive was a (partly broken) attempt to provide
> some means to circumvent the need to accessing the remote server with a
> valid identity instead of anonymously.  Back-ldap, in 2.3, has a much
> more powerful means to assert identities, the "idassert" feature.  One
> of its possible uses, which does not need the remote server to support
> the proxyAuthz control, is to map selected identities on another
> idenityt that is used to bind to the remote host.  I would consider
> upgrading to 2.3 since it is unlikely tht any new feature is added to 2.2.

Ok, I'll try idassert. But isn't there any mean for rootdn with
2.2.27/back-ldap to follow referrals as rootdn ? rootdn and rootpw are the
same on the proxy and on the directory, so I don't really need a
pseudoroot nor an equivalent mechanism.

Raphael Ouazana.