[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-meta ignoring binddn ?



Pierangelo Masarati wrote:

As a consequence, if you
bind to server A as X and X gets resolved to server B,
your bind is propagated there; other targets get bound
anonymously.



So there is no way to bind to serverC as X as well ?

Note that back-meta does not (yet?)
support auth proxying.



Not sure what you mean by auth proxying - is that what I'm trying to do ?

If you need to bind to each remote server as an
applicative identity, you may exploit the pseudorootdn
feature. For all those remote servers that have
valid pseudorootdn and pseudorootpw config directives,
when binding as rootdn to the back-meta, the bind gets
propagated to the remote servers with these administrative
identities (which should be remote administrative
identities).



I don't think that will help me, I need to bind as non-rootdn.

In case, an appropriate setup
of subordinate back-metas should work for you,





What would that look like ? One back-meta subordinate of another back-meta ?
Should I change back-ldap to back-meta at serverB & serverC ?



Thanks for your reply, Tom

--
Tom Riddle
HighStreet Networks
www.highstreetnetworks.com