[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Referral ACL question
Hi,
We're setting up a distributed OpenLDAP service, with a "local"
root server and a "remote" server for a subtree, but I'm having
trouble with the ACLs.
It all works fine when both ACLs have:
access to * by * read
But if I use something more reasonable, like:
access to *
by users read
by anonymous auth
then searches for the remote subtree fail (no error msg, just no results).
What am I doing wrong here?
The ldapsearch command I'm using is:
ldapsearch -C -P 3 -x -LLL -S "" -b 'dc=alaska,ou=remotes,dc=dlese,dc=org' \
-H 'ldap://localhost:3890' -D 'cn=mainAdmin,ou=people,dc=dlese,dc=org' \
-w xxx -s sub '(cn=alaskaAdmin)' '*' '+'
This same search command does find the matching entry when
I send it directly to the remote server.
Looking at the debug log on the remote server, it appears that ldapsearch -C
isn't presenting any credentials to the remote server ...
...
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_bind: version=3 dn="" method=128
send_ldap_result: conn=0 op=0 p=3
send_ldap_response: msgid=4 tag=97 err=0
ber_flush: 14 bytes to sd 7
do_bind: v3 anonymous bind
...
What am I doing wrong here? Any hints much appreciated!
Steve
--
========================================
Steve Sullivan sullivan@mathcom.com
Mathcom Solutions Inc.: Custom Software Development.
* Mathematical optimization, simulation, and modeling.
* Data mining, information retrieval.
* Java, XML, C++, Mathematica, Matlab, XSLT, XQuery, SOAP, RMI, ...
http://www.mathcom.com 303-494-7115
========================================