Re: chain overlay does an anonymous bind and ignores the chain binddn (v

Re: chain overlay does an anonymous bind and ignores the chain binddn (v2.4.44)

To: mailing lists <listas.correo@yahoo.es>

Subject: Re: chain overlay does an anonymous bind and ignores the chain binddn (v2.4.44)

From: Matthew Kemp <matthew.kemp@braintreepayments.com>

Date: Mon, 24 Apr 2017 18:38:53 -0500

Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=braintreepayments.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=HP9pCwWVk1l+lYDy2mpEa1e1YdxGLIU5LlPn4o6jFq8=; b=MSIC7++94dySBxztcRK/yLizTpBohO4OCp828Rje69z3/qnDXM81YhhKg5dUgI8Sp8 kKECgyVQwkVrnEJ2e/qcSuqbgZ0BkQ4tAYPKtMDra7wwXT7tLo9Cj+5Q4DZgnoYIHiel fxsK7R+Fe1F1mGtiDjCV7GntUDn1ZNog3U5b+byduF8I4Q56FtihUGixCE9Cd0MrxEri fYiRoGWZWeQFz+brjPCID0yy5FXsRqZJsxZxcB1Q41DWFR493+6XhIB6fDGKPRDMyr2g IRNgiu1UMJ3C8TQwkWA/qkNc5HI3cYZu4xmMeNNMHMoO2MOThgivsA+Bxfx/kXHqGUqJ 1/IQ==

In-reply-to: <685444107.6182891.1492688188961@mail.yahoo.com>

References: <685444107.6182891.1492688188961.ref@mail.yahoo.com> <685444107.6182891.1492688188961@mail.yahoo.com>

On Thu, Apr 20, 2017 at 6:36 AM, mailing lists <listas.correo@yahoo.es> wrote:

Hello,

I am testing the chain overlay from a read-only slave (consumer) slapd server to a read-write master (provider), but what I am seeing is an anonymous bind from the consumer to the provider instead of the authorization identity configurated in the chain directive.

We're also seeing the same behavior and reported a similar issue last month to this list:

http://www.openldap.org/lists/openldap-technical/201703/msg00047.html

I'm hopeful we can track down this issue as it's causing us some issues that we'll need to resolve eventually.

Matt Kemp

Production Engineer

Braintree