Re: chaining and proxy
Howard Chu wrote:
Pierangelo Masarati wrote:
Guillaume Rousse wrote:
> I successfully set up the chain overlay, so as to push changes from a
> slave to a master, with something like:
> overlay chain
> chain-uri "ldap://ldap1.domain.tld"
> chain-idassert-bind bindmethod="simple"
> chain-idassert-authzFrom "*"
> chain-tls start
> chain-return-error TRUE
> I'm curious, though, why the slave has to use a proxy identity to
> authenticate on the master, instead of reusing the original query
> credentials. Is there something preventing it, or is it just that all
> examples I found so far were using it?
If by "original query credentials" you mean those of the user that first
attempted the write operation that got chained, that user's credentials
are no longer available. That's why you must use a proxy ID that has the
authority to act on the original user's behalf.
I was also thinking of that kind of issue. Thanks for your explanations.
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62
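
Added example, not part of the original messages: a slapd.conf sketch of the proxy-identity setup discussed in this thread, with the master-side authorization it relies on. The proxy DN cn=chain-proxy, the ou=people subtree and the password placeholder are assumptions; the URI and the chain-tls and chain-return-error lines are the ones quoted above.

```conf
# --- slave (consumer) slapd.conf: chain writes to the master ---
overlay                 chain
chain-uri               "ldap://ldap1.domain.tld"
# The slave binds as the proxy identity (hypothetical DN, placeholder password)
# and, with mode="self", asserts the DN of the client that sent the write.
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=chain-proxy,dc=domain,dc=tld"
                        credentials="<proxy-password>"
                        mode="self"
# Only local identities under this subtree may be asserted; narrower than "*".
chain-idassert-authzFrom "dn.subtree:ou=people,dc=domain,dc=tld"
chain-tls               start
chain-return-error      TRUE

# --- master (provider) slapd.conf ---
# Honour the authzTo attribute of the identity that bound.
authz-policy            to

# --- master: attribute on the proxy entry (LDIF, shown as comments) ---
# dn: cn=chain-proxy,dc=domain,dc=tld
# authzTo: dn.subtree:ou=people,dc=domain,dc=tld
```

With this layout the master evaluates each chained write against the ACLs of the asserted user, so the proxy entry needs the right to authorize as those users rather than write access of its own.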