[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap backend issues (my config)



Nothing really stupid :) I should check with the docs (and the code :)
but I think you don't really need those extra rewrite stuff because the
suffixmassage directive directly provides the desired behavior by
default.  Otherwise, you should rather use

# require that anything extra present ends with a comma; exit in case of match
rewriteRule "((.+),)?o=NCSU,c=US$" "%1ou=people,dc=ncsu,dc=edu" ":@"


I could have sworn that "something" didn't work until I put that rewriteRule in there. I'll test it again and maybe take that out.

Something interesting, and I sincerely hope I am not cursing myself by saying this, but I didn't originally have the binddn and bindpw part in there. I have, since, put them in there and so far I haven't had o=NCSU,c=US vanish on me. Here's crossing my fingers that that was the problem. ;) Anyway, I'm going to remain silent for now.. may be back if somethings are still misbehaving. Thanks everyone for your assistance (as always)!!

Binddn/pw is used for ACLs; if you use ACLs on the proxy you better set the binddn to an appoprriate user (i.e. someone who can read-access the data that's used for authentication/access control.

That's all? Hrm. Well, so far it hasn't "Crashed" (though I wouldn't really call it a crash) since I added the bind lines, but then also one of the biggest users of o=NCSU,c=US was modified to use the new base dn, so.... who knows. I'll keep an eye out, and try ditching the rewrite rules.


Daniel

--
/\\\----------------------------------------------------------------------///\
\ \\\      Daniel Henninger           http://www.vorpalcloud.org/        /// /
 \_\\\      North Carolina State University - Systems Programmer        ///_/
    \\\                   Information Technology <IT>                  ///
     """--------------------------------------------------------------"""