[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap backend issues (my config)

Daniel Henninger wrote:

Nothing really stupid :) I should check with the docs (and the code :)
but I think you don't really need those extra rewrite stuff because the
suffixmassage directive directly provides the desired behavior by
default.  Otherwise, you should rather use

# require that anything extra present ends with a comma; exit in case of match
rewriteRule "((.+),)?o=NCSU,c=US$" "%1ou=people,dc=ncsu,dc=edu" ":@"

I could have sworn that "something" didn't work until I put that rewriteRule in there. I'll test it again and maybe take that out.

Something interesting, and I sincerely hope I am not cursing myself by saying this, but I didn't originally have the binddn and bindpw part in there. I have, since, put them in there and so far I haven't had o=NCSU,c=US vanish on me. Here's crossing my fingers that that was the problem. ;) Anyway, I'm going to remain silent for now.. may be back if somethings are still misbehaving. Thanks everyone for your assistance (as always)!!

Binddn/pw is used for ACLs; if you use ACLs on the proxy you better set the binddn to an appoprriate user (i.e. someone who can read-access the data that's used for authentication/access control.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497