
Re: overlay chain

Ed Greenberg <edg@greenberg.org> wrote:

> overlay                 chain
> chain-rebind-as-user    FALSE
> chain-uri               "ldap://master.mydomain.com"
> chain-rebind-as-user    TRUE
> chain-idassert-bind     bindmethod="simple"
>                         binddn="cn=Manager,dc=mydomain,dc=com"
>                         credentials="secret"
>                         mode="self"  

I have this on the slave. The cn=foo is a bug workaround for getting it
working with certificates.

overlay                 chain
chain-uri               ldaps://ldapmaster.example.net
chain-idassert-bind     bindmethod=sasl
chain-idassert-authzFrom "*"
chain-return-error TRUE

On the master, the authz-regexp maps the CN from the certificate to a DN
in the tree:
authz-policy    to
authz-regexp    cn=ldapslave1.example.net
access to attrs=authzTo
    by * read stop

And finally, in the LDAP tree:
dn: cn=ldapslave1.example.net,o=example
authzTo: *

It did work with 2.3 but seems broken in 2.4. The slave accepts the
client's connection, but when it attempts to do the modification:

modifying entry "uid=foo,o=example"
ldap_modify: Authentication method not supported (7)

Any hint appreciated.

Emmanuel Dreyfus
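The two-sided setup the message above describes (chain overlay on the consumer, certificate-derived identity and authzTo on the provider), laid out as a complete pair of slapd.conf fragments plus the provider-side LDIF. This is an added illustration written by the editor; it is not configuration from this thread or from the OpenLDAP project, and it does not claim to resolve the error reported. Hostnames, file paths, the o=example suffix, the objectClass of the consumer's entry, the ACLs, the syncrepl stanza, and the assumption that the consumer's TLS certificate subject begins with cn=ldapslave1.example.net are all assumptions. slapd.conf and LDIF both accept comments only on lines that start with '#', so every comment below is on its own line.

```conf
### Consumer (ldapslave1.example.net) slapd.conf fragment ###
# Added example, not the poster's configuration.
# The consumer's own server certificate doubles as its TLS client
# certificate on outbound ldaps:// connections; its subject is the
# identity the provider will see under SASL EXTERNAL.
TLSCACertificateFile    /etc/openldap/cacert.pem
TLSCertificateFile      /etc/openldap/ldapslave1.crt
TLSCertificateKeyFile   /etc/openldap/ldapslave1.key

# Global chain overlay (before the first "database" line): it chases the
# referral the read-only replica returns for a write and forwards the
# operation to the provider instead of handing the referral to the client.
overlay                 chain
chain-uri               ldaps://ldapmaster.example.net
# Authenticate to the provider as the consumer's certificate identity,
# then assert the original client's DN with the proxyAuthz control.
chain-idassert-bind     bindmethod=sasl
                        saslmech=EXTERNAL
                        mode=self
chain-idassert-authzFrom "*"
chain-return-error      TRUE

database                bdb
suffix                  "o=example"
rootdn                  "cn=Manager,o=example"
directory               /var/db/openldap-data
# The referral that makes the chain overlay kick in for write operations.
updateref               ldaps://ldapmaster.example.net
syncrepl                rid=001
                        provider=ldaps://ldapmaster.example.net
                        type=refreshAndPersist
                        searchbase="o=example"
                        bindmethod=sasl
                        saslmech=EXTERNAL

### Provider (ldapmaster.example.net) slapd.conf fragment ###
TLSCACertificateFile    /etc/openldap/cacert.pem
TLSCertificateFile      /etc/openldap/ldapmaster.crt
TLSCertificateKeyFile   /etc/openldap/ldapmaster.key
# Without a TLSVerifyClient setting the provider never requests a client
# certificate, so SASL EXTERNAL has no identity to map. "try" asks for
# one but still lets ordinary clients in without it.
TLSVerifyClient         try

# Map the authentication DN slapd derives from the certificate subject
# onto the real entry below. The pattern assumes the subject begins with
# cn=ldapslave1.example.net; unescaped dots match any character.
authz-policy            to
authz-regexp
    "^cn=ldapslave1.example.net,.*$"
    "cn=ldapslave1.example.net,o=example"

database                bdb
suffix                  "o=example"
rootdn                  "cn=Manager,o=example"
directory               /var/db/openldap-data
access to attrs=authzTo
    by * read stop
# The chained modify is evaluated as the asserted user, so that user
# needs write access to its own entry (assumed policy).
access to *
    by self write
    by * read
```

Provider-side LDIF for the consumer's entry, in the same added-example spirit (objectClass device is only an assumption; any structural class that carries cn will do):

```conf
dn: cn=ldapslave1.example.net,o=example
objectClass: device
cn: ldapslave1.example.net
authzTo: *
```

A quick check before wiring the overlay: from the consumer host, with its certificate and key set as TLS_CERT/TLS_KEY in ~/.ldaprc, run `ldapwhoami -H ldaps://ldapmaster.example.net -Y EXTERNAL`. The provider answers with the DN it derived from the certificate after authz-regexp; if that is not cn=ldapslave1.example.net,o=example, the regexp does not match the certificate subject and the authzTo lookup cannot succeed.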