[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Back-ldap configuration and id-assertion.

On Wed, Sep 1, 2010 at 12:11 AM, Mustafa A. Hashmi <mahashmi@gmail.com> wrote:
> On Tue, Aug 31, 2010 at 9:31 PM,  <masarati@aero.polimi.it> wrote:
>>> Hi all,
>>> I am wondering if I am going about my setup the right way and am
>>> hoping someone can give me a bit of input.
>>> Using openldap-2.4.23 on Debian Linux, I have nssov configured to
>>> retrieve host, user and group information on my primary server, with
>>> back-ldap and nssov configured on a secondary machine doing the same.
>>> The back-ldap configuration is as follows:
>>> database ldap
>>> suffix  dc=zivios,dc=net
>>> uri     "ldap://dev03.zivios.net";
>>> acl-bind bindmethod=simple binddn="" credentials=""
>>> idassert-bind
>>>  bindmethod=simple
>>>   mode=self
>>>   binddn="uid=zproxyauth,ou=zusers,ou=core
>>> control,ou=zivios,dc=zivios,dc=net"
>>>   credentials="foo"
>>> idassert-authzFrom "dn.regex:.*"
>> Hi, I can't speak for the nssov, but the back-ldap configuration looks
>> fine to me.  I'm very interested in addressing the issue you note.  I have
>> recently committed some fixes to address something that might be related,
>> could you try HEAD code?  Also, since you find the issue so easily
>> reproducible, could you send detailed logs of the server too?
>> stats,trace,args should be best.  If they get pretty big, could you please
>> upload them to ftp://ftp.openldap.org following guidelines here
>> <http://www.openldap.org/devel/contributing.html#submitting>?
> Will do first thing tomorrow. Many thanks.


I've uploaded the log file named:
mustafa-hashmi-20110901-slapd-backldap-log.txt to the incoming folder.
Please let me know if you need additional information.

I am going to give the code in HEAD a shot and report back (hopefully
within a few hours).