[Date Prev][Date Next]
Re: Chain Overlay and SASL Proxy Auth with Multiple Referrals.
You hit a limitation of chaining as it is implemented today: chaining of
chained operations (namely, using idassert with proxied authorization, as
when mode=self) is explicitly disallowed, as back-ldap refuses to add an
instance of the proxied authorization control when one is already present.
This is the case of chained requests. This limitation would be
eliminated by the implementation of distributed procedures, currently a
work in progress (stalled, I believe).
Let me add that I find your setup a little bit nonsensical: if you have
shadow databases that are exact replicas of the producer, then each shadow
should be able to answer read requests. As a consequence, there is no
need to chain a shadow to another shadow. As a consequence, you should
rather chain all shadow servers to the producer.