[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openLDAP as proxy



> Thank for your responses. Now I'm able to get the users information in
> cn=user, dc=doamin,dc=com. But I still have another question:
>
> AD doesn't allow anonymous bind, but I have binddn and bindpw
> directives in slapd.conf. So , why have I to put -D user_dn when I'm
> using ldapsearch??
> Doesn't it will work with the slapd.conf binddn and bindpw??

If you read slapd-ldap(5) you'd find out that binddn/bindpw does not imply
that the proxy will bind as such to the remote server on behalf of the
client.   This point has been stressed many times in the past on the
mailing list, and is clearly stated in the man page, so it's amazing how
many time people keep assuming that the proxy will bind as "binddn" when
an anonymous connection is done.  Read the manual and you'll find out that
what you want is currently impossible, although there's some work
undergoing to implement something similar to what you desire.  But this is
a completely different issue, and there's no OpenLDAP release that
currently implements it.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it




    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497