[Date Prev][Date Next] [Chronological] [Thread] [Top]

HEADS-UP: chain overlay authz configuration (Was: Update question with chain overlay of sync replica ?)

On Fri, 2005-12-09 at 13:33 +0800, Zhang Zhi Wei wrote:

I have no clue right now about your issue; I'd like to point out that I
spotted a bug in slapd-ldap/slapo-chain which fixed a proxyAuthz issue.
This was released as of OpenLDAP 2.3.13 and went unnoticed (my fault;
I've posted a separate, late ITS#4256).

> consumer:
> overlay chain
> chain-uri ldap://master
> chain-acl-bind bindmethod=simple
>                    binddn="cn=Manager,dc=com"
>                    credentials=secret

This configuration is incorrect.  You need to configure the chain
overlay using the idassert, not the acl bind.  The acl bind used to work
because of the above bug.  The correct configuration is

overlay         chain
chain-uri       ldap://master
chain-idassert-bind     bindmethod=simple


Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it