[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Back-ldap configuration and id-assertion.

To: openldap-technical@openldap.org
Subject: Re: Back-ldap configuration and id-assertion.
From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
Date: Wed, 1 Sep 2010 11:14:09 +0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=z7wgddYG/x2NVkeZiMgkPvxvVz8hjAkFQktsDcnoP/Y=; b=FF0xUhy1oIqJB53DvN3SXd6hWMqoZjB7IGHo/zXSkYG0OaFwWu9VVJVFRodK89i2qz 1D7L4UanWtIYbYHk/ckP30XVeEMKJ2qEV2+N5mgm2IRHQ1RtqUo+P3GdgDBCi30+a694 H17pS8d/02y/yTskOUQeXOOA+ql8TS//rg5bY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=f/7eZLhyM0uB2f5Ek0R9NzFb/ivVpYDC6iJLS05blCeiwembsbn3W7Yyxev2X6C4Jz NnoMBnoqfcRWpPNV5l4FO3oX6/4efPG/AB8q2r2sNmXwNdV7qlUeOfj9Rv1bYNbsuOZu OOo8kEN6Xjdik9uQvwchPCCjJjKFAoNj9gi90=
In-reply-to: <AANLkTiniRg0Xp7-hF6xKDnH39Fmvv+o_ade8cfOBiB5L@mail.gmail.com>
References: <AANLkTinWQNQrtKeLGHr9YYrdeR2u8Zj4biELMj_Ww0jW@mail.gmail.com> <18927c0743f3259398499055d40f5da1.squirrel@www.aero.polimi.it> <AANLkTiniRg0Xp7-hF6xKDnH39Fmvv+o_ade8cfOBiB5L@mail.gmail.com>

On Wed, Sep 1, 2010 at 12:11 AM, Mustafa A. Hashmi <mahashmi@gmail.com> wrote:
> On Tue, Aug 31, 2010 at 9:31 PM,  <masarati@aero.polimi.it> wrote:
>>> Hi all,
>>>
>>> I am wondering if I am going about my setup the right way and am
>>> hoping someone can give me a bit of input.
>>>
>>> Using openldap-2.4.23 on Debian Linux, I have nssov configured to
>>> retrieve host, user and group information on my primary server, with
>>> back-ldap and nssov configured on a secondary machine doing the same.
>>>
>>> The back-ldap configuration is as follows:
>>>
>>> database ldap
>>> suffix  dc=zivios,dc=net
>>> uri     "ldap://dev03.zivios.net";
>>> acl-bind bindmethod=simple binddn="" credentials=""
>>>
>>> idassert-bind
>>>  bindmethod=simple
>>>   mode=self
>>>   binddn="uid=zproxyauth,ou=zusers,ou=core
>>> control,ou=zivios,dc=zivios,dc=net"
>>>   credentials="foo"
>>> idassert-authzFrom "dn.regex:.*"
>>
>> Hi, I can't speak for the nssov, but the back-ldap configuration looks
>> fine to me.  I'm very interested in addressing the issue you note.  I have
>> recently committed some fixes to address something that might be related,
>> could you try HEAD code?  Also, since you find the issue so easily
>> reproducible, could you send detailed logs of the server too?
>> stats,trace,args should be best.  If they get pretty big, could you please
>> upload them to ftp://ftp.openldap.org following guidelines here
>> <http://www.openldap.org/devel/contributing.html#submitting>?
>
> Will do first thing tomorrow. Many thanks.

Hi,

I've uploaded the log file named:
mustafa-hashmi-20110901-slapd-backldap-log.txt to the incoming folder.
Please let me know if you need additional information.

I am going to give the code in HEAD a shot and report back (hopefully
within a few hours).

Thanks,
Mustafa.

References:
- Back-ldap configuration and id-assertion.
  - From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
- Re: Back-ldap configuration and id-assertion.
  - From: masarati@aero.polimi.it
- Re: Back-ldap configuration and id-assertion.
  - From: "Mustafa A. Hashmi" <mahashmi@gmail.com>

Prev by Date: Re: Getting Solaris to use Openldap
Index(es):
- Chronological
- Thread