
HEADS-UP: chain overlay authz configuration (Was: Update question with chain overlay of sync replica ?)



On Fri, 2005-12-09 at 13:33 +0800, Zhang Zhi Wei wrote:

I have no clue right now about your issue; I'd like to point out that I
spotted a bug in slapd-ldap/slapo-chain which fixed a proxyAuthz issue.
This was released as of OpenLDAP 2.3.13 and went unnoticed (my fault;
I've posted a separate, late ITS#4256).

> consumer:
> overlay chain
> chain-uri ldap://master
> chain-acl-bind bindmethod=simple
>                    binddn="cn=Manager,dc=com"
>                    credentials=secret

This configuration is incorrect.  You need to configure the chain
overlay using the idassert, not the acl bind.  The acl bind used to work
because of the above bug.  The correct configuration is

overlay         chain
chain-uri       ldap://master
chain-idassert-bind     bindmethod=simple
                        binddn="cn=Manager,dc=com"
                        credentials=secret
                        mode=self

p.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
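
A check for the misconfiguration described above, as an added example that is not part of the original post: it unwraps slapd.conf continuation lines and flags any chain overlay stanza that sets chain-acl-bind but no chain-idassert-bind. The sample configuration, function names and message text are constructed for illustration.

```python
# Constructed sample: the stanza quoted in the post, then the corrected one.
SAMPLE = '''\
overlay         chain
chain-uri       ldap://master
chain-acl-bind  bindmethod=simple
                binddn="cn=Manager,dc=com"
                credentials=secret

database        bdb
overlay         chain
chain-uri       ldap://master
chain-idassert-bind     bindmethod=simple
                        binddn="cn=Manager,dc=com"
                        credentials=secret
                        mode=self
'''

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace) first, then drop
    comments and blanks, the order slapd.conf(5) documents."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and raw.strip() and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + raw.strip())
        else:
            out.append((n, raw.rstrip()))
    return [(n, l) for n, l in out if l.strip() and not l.lstrip().startswith("#")]

def audit_chain(text):
    """Return (line, message) for each 'overlay chain' stanza that has
    chain-acl-bind but no chain-idassert-bind."""
    findings, stanza = [], None
    def close():
        if stanza and "chain-acl-bind" in stanza["seen"] \
                and "chain-idassert-bind" not in stanza["seen"]:
            findings.append((stanza["line"],
                             "chain-acl-bind without chain-idassert-bind"))
    for n, line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key in ("overlay", "database", "backend"):  # a new section begins
            close()
            stanza = None
            if key == "overlay" and len(words) > 1 and words[1].lower() == "chain":
                stanza = {"line": n, "seen": set()}
        elif stanza is not None:
            stanza["seen"].add(key)
    close()
    return findings

if __name__ == "__main__":
    print(audit_chain(SAMPLE))
```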