[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldap proxy to AD returns no results - take#2

> Thanks again Pierangelo.
> So what you are saying if I'm not mistaken is that the examples on pages
> 210-213 (most specifically p. 212) of Gerald Carter's O'reilly book on
> LDAP System Administration should not actually work and that is how
> back-ldap is designed?

I don't have that book at hand, so I won't make any public statement about
him being wrong or right ;)

This is my understanding of the code.  I would hardly believe any OpenLDAP
portion of code is designed to take a specific administrative identity on
behalf of anonymous.  I know it does for internal purposes, that is on
behalf of the proxy DSA with respect to the remote DSA; I also know (I
personally coded something about it) that portions of OpenLDAP code take a
specific identity of authenticated users (e.g. proxyAuthz control in
back-ldap) if instructed to do so.


Pierangelo Masarati