
Re: Back-ldap configuration and id-assertion.



> Hi all,
>
> I am wondering if I am going about my setup the right way and am
> hoping someone can give me a bit of input.
>
> Using openldap-2.4.23 on Debian Linux, I have nssov configured to
> retrieve host, user and group information on my primary server, with
> back-ldap and nssov configured on a secondary machine doing the same.
>
> The back-ldap configuration is as follows:
>
> database ldap
> suffix  dc=zivios,dc=net
> uri     "ldap://dev03.zivios.net"
> acl-bind bindmethod=simple binddn="" credentials=""
>
> idassert-bind
>  bindmethod=simple
>   mode=self
>   binddn="uid=zproxyauth,ou=zusers,ou=core control,ou=zivios,dc=zivios,dc=net"
>   credentials="foo"
> idassert-authzFrom "dn.regex:.*"

Hi, I can't speak for the nssov, but the back-ldap configuration looks
fine to me.  I'm very interested in addressing the issue you note.  I have
recently committed some fixes to address something that might be related;
could you try HEAD code?  Also, since you find the issue so easily
reproducible, could you send detailed logs of the server too? 
stats,trace,args should be best.  If they get pretty big, could you please
upload them to ftp://ftp.openldap.org following guidelines here
<http://www.openldap.org/devel/contributing.html#submitting>?

Thanks, p.