slapd-ldap configuration and identity assertion
I think my problem at this point is that I can't seem to get back-ldap to
use the authzID to try to assert another identity.

If I have the following then all operations are carried out as the
binddn, which is what I would expect.

And if I set mode=self then I see things like the following in the logs
and I gather that appropriate things are happening.

==>slap_sasl_authorized: can cn=erici,dc=cc,dc=utexas,dc=edu become
==>slap_sasl_check_authz: does cn=erici,dc=cc,dc=utexas,dc=edu match authzFrom rule in ?
<==slap_sasl_check_authz: authzFrom check returning 32
<== slap_sasl_authorized: return 48
<= get_ctrls: n=1 rc=47 err="not authorized to assume identity"

But I can't seem to get authzID to work as documented. When I don't
specify 'mode' and I do specify authzID, I'm led to believe that I should
see a bind from the binddn and then an identity assertion to the authzID.
Instead, the connection gets relayed without using the binddn or the
authzID as if I hadn't used idassert-bind at all.

Am I missing something?

Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342