
remote credentials for local branch with authz-regexp



Hello list,

I'm using translucent in a local server. That same server also has an extra local database, which is a local-only branch of the remote database. This database is a subordinate and they glue together well. Now, for the sake of management, I need to be able to identify to the local database (rootdn) but using credentials from the remote database.
Assuming one has

translucent to remote - dc=example,dc=com
with remote admin user cn=admin,dc=example,dc=com

local - ou=localbranch,dc=example,dc=com
with rootdn admin user cn=admin,ou=localbranch,dc=example,dc=com

I tried the following on the local server

database        hdb
suffix          "ou=localbranch,dc=example,dc=com"
rootdn          "cn=admin,ou=localbranch,dc=example,dc=com"
rootpw          "secret"
directory       "/var/lib/ldap/ou=localbranch,dc=example,dc=com"
index           objectClass,sambaSID eq
lastmod         on

authz-regexp
        "cn=admin,dc=example,dc=com"
        "cn=admin,ou=localbranch,dc=example,dc=com"

access to dn.base="ou=localbranch,dc=example,dc=com"
        by * read

access to *
        by dn="cn=admin,ou=localbranch,dc=example,dc=com" write
        by dn="cn=admin,dc=example,dc=com" write
        by * read

subordinate

The credentials used to connect to the remote server have full read-only access to the remote database.

So the problem is that when I try to authenticate using cn=admin,dc=example,dc=com, to the local database branch, I can see the bind request being transluced to the remote server without using the authz-regexp map.

Any advice is appreciated,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Phone    : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Phone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _