Re: Chain authentication bind configuration
I'm on 2.4.7
On 1/11/08 9:45 AM, "Gavin Henry" <email@example.com> wrote:
> Dave Stoll wrote:
>> Hello -
>> I seem to have run into a bit of a roadblock with my configuration. I
>> am trying to build an OpenLDAP server which uses ref: entries to chain
>> to two other LDAP servers for user authorization. I have been able to
>> get everything working fine so long as I allow anonymous binding on the
>> servers referenced from OpenLDAP. Unfortunately, the security folks are
>> requesting the OpenLDAP server to force bind credentials for the
>> particular ldap uri.
>> From man slapd-ldap(5) I see the following:
>> This identity is by no means implicitly used by the
>> proxy when
>> the client connects anonymously. The idassert-bind
>> instead, in some cases can be crafted to implement
>> behavior, which is intrinsically unsafe and should be used
>> extreme care. This directive obsoletes acl-authcDN,
>> and acl-
>> Unfortunately, I'm having a bit of difficulty finding any documentation
>> supporting the ability to implicitly use a particular bindDN and simple
>> authentication password, regardless of whether the query is anonymous or
>> Any help would be welcome.
>> Dave Stoll
>> echo mac | sed 's/^/dave.stoll@/;s/$/.com/'
> What slapd version are you on?
echo mac | sed 's/^/dave.stoll@/;s/$/.com/'