[Date Prev][Date Next]
Re: back-ldap with glue overlay
On Mon, 20 Mar 2006, Aaron Richton wrote:
>I had some fun with this a while back. Lots of syntax that you think would
>work (and likely will work with better rwm/glue interaction) eventually
>run into one ITS or another like Howard noted below. I don't remember
>getting anywhere useful with back-relay. In the end, the simplest config
>was the one that worked:
That didn't work for me. With a setup like your example, if I bind as
cn=user,ou=a,dc=example,dc=com it seemed like the search base would get
stuck as ou=a,dc=example,dc=com and I couldn't retrieve
cn=foo,ou=b,dc=example,dc=com (though cn=foo,ou=local... worked fine).
What I ended up doing was this:
suffixmassage "ou=groups,dc=example,dc=com" "ou=groups,dc=local"
I like the configuration syntax for back-meta, but it seems like there
ought to be a better way to do the loopback connection, but using both
back-relay and back-ldap/meta seemed like too much additional complexity.
Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342