[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-meta question



> Hi,
>
> can anybody out there point me to useful information/examples/links to
> slapd-meta? All I can find in google is the slapd-meta manpage. I'm
> especially interested in the binddn/pseudodn/rewrite stuff. So far I
> tried to setup a meta directory which queries three different
> directories, but no matter whether I use binddn or pseudodn all I get is
> the attributes allowed for anonymous bind.

pseudorootdn, as discussed in the manpage, is the identity that will be
used, for each remote server, when the client bound as the rootdn of the
proxy:

client            meta         remote1      remote2      remote3 ...

anonymous         anon         anon         anon         anon
user (@remote1)   user         user         anon         anon
meta rootdn       rootdn       pseudoroot1  pseudoroot2  pseudoroot3

It cannot be used to turn anonymous requests into authenticated ones.

Back-ldap has more sophisticated identity mapping capabilities, which,
under some circumstances, may allow to turn anonymous into auth'd
requests, but this is not very well documented, as it is considered bad
practice.

p.



Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------