
Re: (ITS#3860) Referral chasing in back-ldap with rootdn

Raphaël Ouazana-Sustowski wrote:

>On Wed, July 13, 2005 16:10, Pierangelo Masarati wrote:
>>The pseudo-root DN directive was a (partly broken) attempt to provide
>>some means to circumvent the need to access the remote server with a
>>valid identity instead of anonymously.  Back-ldap, in 2.3, has a much
>>more powerful means to assert identities, the "idassert" feature.  One
>>of its possible uses, which does not need the remote server to support
>>the proxyAuthz control, is to map selected identities on another
>>identity that is used to bind to the remote host.  I would consider
>>upgrading to 2.3 since it is unlikely that any new feature is added to 2.2.
>Ok, I'll try idassert. But isn't there any means for rootdn with
>2.2.27/back-ldap to follow referrals as rootdn? rootdn and rootpw are the
>same on the proxy and on the directory, so I don't really need a
>pseudoroot nor an equivalent mechanism.
Yes: don't use a rootdn in the proxy, and use "rebind-as-user"; this 
should do the trick.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
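
The setup suggested in the reply above, sketched as a proxy configuration. This is an added example, not part of the original message; it assumes OpenLDAP 2.2 back-ldap directive syntax, and the suffix, URI and commented-out rootdn values are constructed placeholders.

```conf
# slapd.conf fragment for the proxy (assumed OpenLDAP 2.2 back-ldap syntax).
# Suffix, URI and DN values below are constructed placeholders.

database        ldap
suffix          "dc=example,dc=com"
uri             "ldap://directory.example.com/"

# No rootdn/rootpw in the proxy database. With these set, a bind as the
# rootdn is checked against rootpw by the proxy itself and is not carried
# to the remote server as that identity. Left commented out to show what
# is removed.
#rootdn         "cn=Manager,dc=example,dc=com"
#rootpw         secret

# Remember the client's bind credentials and reuse them when rebinding
# to a server named in a referral, so the chased operation runs as the
# same user (here, the remote directory's own rootdn) instead of
# anonymously.
rebind-as-user
```

With `rebind-as-user`, the proxy keeps the client's bind credentials for the life of the connection and presents them to whichever server a referral names, so referral targets should be hosts that are trusted to receive those credentials.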