remote credentials for local branch with authz-regexp
- To: openldap-technical@openldap.org
- Subject: remote credentials for local branch with authz-regexp
- From: Hugo Monteiro <hugo.monteiro@fct.unl.pt>
- Date: Wed, 23 Feb 2011 12:22:52 +0000
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; PT-pt; rv:1.9.2.15pre) Gecko/20110207 Shredder/3.1.9pre
Hello list,
I'm using translucent in a local server. That same server also has an
extra local database, which is a local only branch of the remote
database. This database is a subordinate and they glue together well.
Now, for the sake of management, I need to be able to identify to the
local database (rootdn) but using credentials from the remote database.
Assuming one has
  translucent to remote - dc=example,dc=com
    with remote admin user cn=admin,dc=example,dc=com
  local - ou=localbranch,dc=example,dc=com
    with rootdn admin user cn=admin,ou=localbranch,dc=example,dc=com
I tried the following on the local server
database hdb
suffix "ou=localbranch,dc=example,dc=com"
rootdn "cn=admin,ou=localbranch,dc=example,dc=com"
rootpw "secret"
directory "/var/lib/ldap/ou=localbranch,dc=example,dc=com"
index objectClass,sambaSID eq
lastmod on
authz-regexp
    "cn=admin,dc=example,dc=com"
    "cn=admin,ou=localbranch,dc=example,dc=com"
access to dn.base="ou=localbranch,dc=example,dc=com"
    by * read
access to *
    by dn="cn=admin,ou=localbranch,dc=example,dc=com" write
    by dn="cn=admin,dc=example,dc=com" write
    by * read
subordinate
The credentials used to connect to the remote server have full read only
access to the remote database.
So the problem is that when I try to authenticate using
cn=admin,dc=example,dc=com, to the local database branch, I can see the
bind request being transluced to the remote server without using the
authz-regexp map.
Any advice is appreciated,
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telephone : +351 212948300 Ext.15307
Web : http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telephone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio@fct.unl.pt
fct.unl.pt:~# _