[Date Prev][Date Next]
Re: ldap meta + activedirectory
Julien TOUCHE wrote:
has anyone any experience to make openldap connect in meta on an
what uri/binddn/acl do you use ? which rights on windows domain has bind
URI: ldap:// or ldaps://; the latter may require tweaking OpenLDAP's
ldap.conf to provide appropriate CA certificate or to disable CA cert
checking as considered appropriate; see ldap.conf(5) for details.
ACL: is up to what further restrictions you want to set on data
disclosed by the remote server
binddn: I don't understand what you mean. You need a valid identity to
authenticate. If you mean the "BINDDN" directive in ldap.conf(5),
that's the default identity you intend to use; but back-meta won't
likely work because a password is expected, and none is being provided.
If you mean the "binddn" (and "bindpw") directive(s) in slapd-meta(5),
that identity is simply used for internal operations, so it has to be a
valid identity but it's not going to help in overriding restrictions on
anonymous access. If you need to somehow override anonymous access
restrictions, I suggest you take a look at the "identity assertion"
feature of back-ldap (not released yet; it's been in HEAD code, and
documented on the FAQ <http://www.openldap.org/faq/data/cache/532.html>
for nearly a year, though).
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497