I've been racking my brains trying to understand the syntax of

In my current setup I have a local bdb database with some users and the
base entry for the tree. I have a meta database that is subordinate to
the bdb database.

If I bind to the proxy as root, and search for anything, with any base
(within the tree) openldap will bind to the relevant targets using the
credentials defined in the idassert-bind directives.

If I bind to the proxy as a user that exists locally (within the bdb
database) but not in any of the targets, openldap will bind to the
targets anonymously using the dn defined in idassert-bind but no

If I bind to the proxy as a user that exists in one of the targets, it
will bind to that target with the supplied credentials, and bind
anonymously using the dn defined in idassert-bind to all other targets

Ideally, I would like the following situation:

If a user binds with local credentials, openldap should bind to the
targets with the credentials supplied with idassert-bind.

If a user binds with remote credentials, openldap should bind to that
target with the credentials supplied by the user, and either bind to the
other targets using the pre-defined credentials OR not attempt to bind
to those targets.

I have tried using 'flags=override', which works well to solve the
local user problem. However if a user binds with remote credentials,
openldap will first bind with those credentials, then rebind with the
pre-defined credentials. The problem here is that the predefined
credentials may not have the same privileges as the supplied

Here's something like my slapd.conf...

access to *
    by dn="cn=user a,dc=example,dc=com" read
    by dn="cn=user b,dc=example,dc=com" read
    by * auth

access to dn.sub="dc=target a,dc=meta,dc=example,dc=com"
    by dn="cn=user a,dc=example,dc=com" write
    by self write

# Meta Database

## Target A
uri "ldap://192.168.1.10/dc=target a,dc=meta,dc=example,dc=com"
suffixmassage "dc=target a,dc=meta,dc=example,dc=com" "o=example"

## Target B
uri "ldap://192.168.1.20/dc=target b,dc=meta,dc=example,dc=com"
suffixmassage "dc=target b,dc=meta,dc=example,dc=com"

# Local bdb database
index objectclass eq
index cn,sn eq,sub

Thank you for taking the time to read this, any help would be greatly