Re: anonymous proxy and idassert-bind
On Mon 8 January 2007 17:19, Pierangelo Masarati wrote:
> I have no idea of why it ever gets to return "no such object"; if the
> above is your slapd.conf, I see too many whitespaces in front of too
> many directives to yield a valid slapd-ldap configuration, though.
You were right. I thought I could use some indents like:
database ldap
    option 1
    option 2
    sub-section 1 (like idassert-bind)
        option1-of subsection1
        option2-of subsection1
    sub-section 2
        option1-of subsection2
        option2-of subsection2
For slaptest, everything is fine. The parser doesn't yell, but that changes
slapd's behaviour, randomly.
With this correction, the "no such object" error disappeared.
> In any case, if you specify flags=non-prescriptive, anonymous operations
> will not use identity assertion; in fact, non-prescriptive means that
> operations whose identity cannot be authorized are performed
> anonymously; the default is to reject them with "inappropriate
> authentication".
Ok, removed.
> A configuration like
>
> database ldap
> suffix "dc=example,dc=com"
> uri ldap://:9011
> idassert-bind bindmethod=simple
>     mode=self
>     binddn="cn=Manager,dc=example,dc=com"
>     credentials="secret"
> idassert-authzFrom "dn.regex:.*"
>
> will do the trick (although, with the above bug, no proxyauthz will occur
> and, as such, the operation will be performed with the identity defined
> in binddn).
For informational purposes, here is our "database ldap" section, which works:
-------8<------------------
database ldap
lastmod off
chase-referrals no
suffix "dc=x1,dc=f0,dc=enterprise"
uri "ldap://192.168.AD.IP:3268/"
idassert-bind bindmethod=simple binddn="CN=user1,OU=FR,dc=my,DC=firm,DC=com" credentials="secret" mode=anonymous
idassert-authzFrom "dn.regex:.*"
-------8<------------------
Thx for your help!
--
Raph.
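
The problem in this thread comes from the slapd.conf rule that a line beginning with whitespace is a continuation of the previous line, so an indented directive is silently read as arguments of the one above it. The check below is an added example, not part of the original message or of OpenLDAP; the directive list, the sample config and the function names are assumptions made for illustration.

```python
# Directive names taken from this thread; extend for a real slapd.conf.
DIRECTIVES = {"database", "suffix", "uri", "lastmod", "chase-referrals",
              "idassert-bind", "idassert-authzfrom"}

# Constructed sample: the thread's example config, indented the way the
# poster first tried (every line under "database ldap" starts with spaces).
SAMPLE = """\
database ldap
  suffix "dc=example,dc=com"
  uri ldap://:9011
  idassert-bind bindmethod=simple
    mode=self
    binddn="cn=Manager,dc=example,dc=com"
    credentials="secret"
  idassert-authzFrom "dn.regex:.*"
"""

def logical_lines(text):
    """Group physical lines into logical ones: a line starting with whitespace
    continues the previous line. Simplification: blank lines are skipped."""
    current = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0] in " \t" and current:
            current.append((no, raw.strip()))
        else:
            if current:
                yield current
            current = [(no, raw.strip())]
    if current:
        yield current

def swallowed_directives(text):
    """Return (lineno, directive, parent) for every indented line whose first
    word is a known directive, i.e. it became arguments of `parent`."""
    findings = []
    for parts in logical_lines(text):
        parent = parts[0][1].split()[0].lower()
        for no, body in parts[1:]:
            word = body.split()[0].lower()
            if word in DIRECTIVES:
                findings.append((no, word, parent))
    return findings

if __name__ == "__main__":
    for no, word, parent in swallowed_directives(SAMPLE):
        print(f"line {no}: '{word}' is indented and is read as part of '{parent}'")
```

Genuine continuation lines such as mode=self are not reported, because their first word is not a directive name.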