Subordinate Referral Credentials
Hi,
We're setting up a distributed OpenLDAP service, with a "local"
root server and a "remote" server for a subtree.
When both ACLs have "access to * by * read" it all works fine.
But if I use something more reasonable, like:
    access to *
        by users read
        by anonymous auth
then searches for the remote subtree fail (no error msg, just no results).
The ldapsearch command I'm using is:
    ldapsearch -C -P 3 -x -LLL -S "" -b 'dc=alaska,ou=remotes,dc=dlese,dc=org' \
        -H 'ldap://localhost:3890' -D 'cn=mainAdmin,ou=people,dc=dlese,dc=org' \
        -w xxx -s sub '(cn=alaskaAdmin)' '*' '+'
This same search command does find the matching entry when
I present it directly to the remote server.
Looking at the debug log, it appears that ldapsearch -C
isn't presenting any credentials to the remote server ...
...
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=4 tag=97 err=0
ber_flush: 14 bytes to sd 7
do_bind: v3 anonymous bind
...
Is there a way to force ldapsearch to present credentials
to the remote server?
Many thanks!
Steve
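
An added example, not part of the original post: a Python check over slapd debug output that extracts bind requests and flags those that carry an empty bind DN, as in the log excerpt above. The function names are hypothetical, the log line format is assumed to match the excerpt, and the last sample line is constructed for contrast.

```python
import re

# Bind request line as it appears in the slapd debug excerpt above.
BIND_RE = re.compile(r'do_bind: version=(\d+) dn="([^"]*)" method=(\d+)')
LDAP_AUTH_SIMPLE = 128  # 0x80: simple bind, the method shown in the excerpt

# Constructed sample: the first four lines follow the excerpt; the last line
# is a constructed authenticated bind using the DN from the ldapsearch command.
SAMPLE_LOG = "\n".join([
    '>>> dnPrettyNormal: <>',
    '<<< dnPrettyNormal: <>, <>',
    'do_bind: version=3 dn="" method=128',
    'do_bind: v3 anonymous bind',
    'do_bind: version=3 dn="cn=mainAdmin,ou=people,dc=dlese,dc=org" method=128',
])


def classify_binds(log_text):
    """Return one record per bind request found in slapd debug output."""
    binds = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = BIND_RE.search(line)
        if not m:
            continue  # not a bind request line
        version, dn, method = int(m.group(1)), m.group(2), int(m.group(3))
        binds.append({
            "line": lineno,
            "version": version,
            "dn": dn,
            "method": method,
            # A simple bind with an empty DN presents no identity, so an ACL
            # of "by users read / by anonymous auth" grants it no read access.
            "anonymous": method == LDAP_AUTH_SIMPLE and dn == "",
        })
    return binds


def anonymous_binds(log_text):
    """Only the bind requests that arrived without a bind DN."""
    return [b for b in classify_binds(log_text) if b["anonymous"]]


if __name__ == "__main__":
    for b in classify_binds(SAMPLE_LOG):
        who = "anonymous" if b["anonymous"] else b["dn"]
        print(f"line {b['line']}: LDAPv{b['version']} bind as {who}")
```

Run against the remote server's debug log while the `ldapsearch -C` command is executing, this shows whether the referral-chasing connection bound with a DN or anonymously.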