Authenticating with distributed tree(?)
I'm not sure if what I'm doing is even possible (if it isn't, it would
explain why it doesn't work) so I'm after an idea if I have any chance
of succeeding as much as a solution.
I've got a distributed LDAP tree running on 3 servers, with different
parts of the tree as bases on different servers, and referrals pointing
up to superior servers and references down to lower parts of the tree.
To clarify, a low-level DN looks like this:
Where server 3 has a base of: dc=wildern,dc=hants,dc=sch,dc=uk -
and refers up to server 2.
Server 2 has a base of dc=hants,dc=sch,dc=uk - and refers up to server
1, and has an entry for dc=wildern as a reference.
Server 1 has a base of dc=sch,dc=uk - is the top level server, and has a
reference entry for dc=hants.
I've set up a user on cn=administrator,dc=sch,dc=uk and set the user up
with privileges via ACLs in all the slapd.conf(s) on the various servers
so the user has write access to everything. If I bind to server one with
cn=administrator,dc=sch,dc=uk I get write access with no problems,
however, the problem comes in when I try to bind to one of the servers
lower down the tree with the same credentials - it doesn't work at all -
I thought it should refer the query upward, or, (more likely) have I got
the entirely wrong idea here?
Thanks for any ideas,