
Re: Chain authentication bind configuration



I'm on 2.4.7

Cheers,
Dave


On 1/11/08 9:45 AM, "Gavin Henry" <ghenry@suretecsystems.com> wrote:

> Dave Stoll wrote:
>> Hello -
>> 
>> I seem to have run into a bit of a roadblock with my configuration.  I
>> am trying to build an OpenLDAP server which uses ref: entries to chain
>> to two other LDAP servers for user authorization.  I have been able to
>> get everything working fine so long as I allow anonymous binding on the
>> servers referenced from OpenLDAP.  Unfortunately, the security folks are
>> requesting the OpenLDAP server to force bind credentials for the
>> particular ldap uri.
>> 
>> From man slapd-ldap(5) I see the following:
>> 
>> acl-bind
>> ...
>>               This identity is by no means implicitly used by the proxy when
>>               the client connects anonymously. The idassert-bind feature,
>>               instead, in some cases can be crafted to implement that
>>               behavior, which is intrinsically unsafe and should be used with
>>               extreme care. This directive obsoletes acl-authcDN, and
>>               acl-passwd.
>> ...
>> 
>> Unfortunately, I'm having a bit of difficulty finding any documentation
>> supporting the ability to implicitly use a particular bindDN and simple
>> authentication password, regardless of whether the query is anonymous or
>> authenticated.
>> 
>> Any help would be welcome.
>> 
>> Cheers,
>> Dave
>> 
>> 
>> 
>> 
>> -- 
>> Dave Stoll
>> echo mac | sed 's/^/dave.stoll@/;s/$/.com/'
> 
> What slapd version are you on?

-- 
Dave Stoll
echo mac | sed 's/^/dave.stoll@/;s/$/.com/'