[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3860) Referral chasing in back-ldap with rootdn

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3860) Referral chasing in back-ldap with rootdn
From: ando@sys-net.it
Date: Wed, 13 Jul 2005 14:49:14 GMT

Raphaël Ouazana-Sustowski wrote:

>On Wed, July 13, 2005 16:10, Pierangelo Masarati wrote:
>  
>
>>The pseudo-root DN directive was a (partly broken) attempt to provide
>>some means to circumvent the need to accessing the remote server with a
>>valid identity instead of anonymously.  Back-ldap, in 2.3, has a much
>>more powerful means to assert identities, the "idassert" feature.  One
>>of its possible uses, which does not need the remote server to support
>>the proxyAuthz control, is to map selected identities on another
>>idenityt that is used to bind to the remote host.  I would consider
>>upgrading to 2.3 since it is unlikely tht any new feature is added to 2.2.
>>    
>>
>
>Ok, I'll try idassert. But isn't there any mean for rootdn with
>2.2.27/back-ldap to follow referrals as rootdn ? rootdn and rootpw are the
>same on the proxy and on the directory, so I don't really need a
>pseudoroot nor an equivalent mechanism.
>  
>
Yes: don't use a rootdn in the proxy, and use "rebind-as-user"; this 
should do the trick.

p.



    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Prev by Date: Re: (ITS#3860) Referral chasing in back-ldap with rootdn
Next by Date: Re: (ITS#3860) Referral chasing in back-ldap with rootdn
Index(es):
- Chronological
- Thread