Re: ldap meta + activedirectory
Dieter Kluenter wrote:
> As far as I remember, back-meta passes any simple bind credentials it
> receives to the remote server.
Correct. Simple binds are propagated, much like back-ldap does. I was
referring to the "binddn" (and "bindpw") statement(s) in slapd-meta(5),
whose usage has been often misinterpreted as the identity back-meta (and
back-ldap) would use to propagate anonymous binds. To reduce the
chances of misinterpretation, in HEAD/2.3 the "binddn" and "bindpw"
statements have been renamed "acl-authcDN" and "acl-passwd", indicating
that they're the identity back-ldap uses to access the remote server for
local ACL checking purposes. Identity assertion occurs in HEAD/2.3 by
means of the identity assertion mechanism, which, in some cases, may
result in anonymous binds occurring by way of some administrative identity,
e.g. back-ldap authenticates with some administrative identity and
asserts the anonymous identity by means of the proxyAuthz control.
There's a variety of identity assertion policies currently implemented
in back-ldap. See 2.3's slapd-ldap(5).
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
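
An added example, not part of the original message or of OpenLDAP: a small Python audit that finds the old "binddn"/"bindpw" statements in `database ldap` and `database meta` sections of a slapd.conf and rewrites them to the HEAD/2.3 names given above. The sample configuration, its host names and its password are constructed.

```python
PROXY_BACKENDS = {"ldap", "meta"}  # back-ldap and back-meta
RENAMES = {"binddn": "acl-authcDN", "bindpw": "acl-passwd"}  # names from the message

# Constructed sample: one local database with a replica, one back-meta proxy.
SAMPLE = """\
database bdb
suffix "dc=local,dc=example"
# binddn in a comment is ignored
replica uri=ldap://replica.example:389
  binddn="cn=replicator,dc=local,dc=example" bindmethod=simple

database meta
suffix "dc=example"
uri "ldap://ad.example/dc=example"
binddn "cn=proxy,dc=example"
bindpw "constructed-secret"
"""

def migrate(conf_text):
    """Return (new_text, findings); findings are (line, backend, old, new)."""
    backend = None  # backend of the current "database" section
    out, findings = [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        # Leading whitespace continues the previous directive and '#' starts
        # a comment: neither can begin a directive, so copy the line as-is.
        if not line or line[0] in " \t#":
            out.append(line)
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "database" and len(parts) > 1:
            backend = parts[1].split()[0].lower()
        elif keyword in RENAMES and backend in PROXY_BACKENDS:
            new = RENAMES[keyword]
            findings.append((lineno, backend, parts[0], new))
            line = new + line[len(parts[0]):]  # keep the value untouched
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    new_text, hits = migrate(SAMPLE)
    for lineno, backend, old, new in hits:
        print(f"line {lineno} (back-{backend}): {old} -> {new}")
    print(new_text, end="")
```

The `binddn=` parameter on the replica continuation line is left alone, because only a directive at the start of a line inside a proxy database section is renamed.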