[Date Prev][Date Next] [Chronological] [Thread] [Top]

Proxy Auth Question

To: OpenLDAP Software <openldap-software@openldap.org>
Subject: Proxy Auth Question
From: Yeargan Yancey <yancey@unt.edu>
Date: Mon, 4 Aug 2008 10:30:56 -0500

My goal is to configure OpenLDAP as a proxy to provide e-mail addresses to the public (via anonymous simple binds) using an LDAP back-end which requires authenticated simple binds.

Public ccess to this server will be anonymous only and read-only. All non-anonymous bind attempts are transformed to anonymous using authz- regexp ".+" "dn:".

However, I need all binds to the back-end LDAP service to use a specific account. I've looked at the docs and the list archives for information related to "idassert-bind" but I'm not understanding it well enough.

I tried this ...

idassert-authzFrom "dn:*"
idassert-bind    bindmethod="simple"
                 binddn="cn=info,o=org"
                 credentials="password"

but that does not seem to be working for me. I'm getting anonymous binds on the back-end. Is it possible to do what I'm asking? If so, what am I doing wrong?

Thanks,
Yancey

Follow-Ups:
- Re: Proxy Auth Question
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: restoring an accesslog database
Next by Date: Re: restoring an accesslog database
Index(es):
- Chronological
- Thread