Re: back-ldap: how to bind to remote server?
> I'm trying to use OpenLDAP as a proxy. I want it to bind to the remote
> LDAP server with a fixed dn, and use that dn for searches. This way,
> any dn binding to the proxy (even anonymously) could see objects and
> attributes that the dn used to bind to the real LDAP server can see.
This is discussed in slapd-ldap(5) man page. See the "idassert-bind"
statement.
> My problem is that it seems that the proxy does not bind to the remote
> server (in other words, it binds anonymously), just forwards searches,
> which fail this way, because the remote server requires authentication.
> The binddn and bindpw configuration options are correct, I can use
> ldapsearch to retrieve objects directly from the remote server.
>
> Looking at the network traffic, I can't see the proxy attempting to bind
> using the dn given in the binddn option.
Then you didn't read the man page. The "binddn" statement specifies a DN
for a very specific purpose, which is not the one you are trying to
obtain.
> Here is the relevant part of my slapd.conf:
>
> ==
> database ldap
> suffix dc=company,dc=local
> chase-referrals no
> lastmod off
> uri ldap://remotehost
> binddn <binddn>
> bindpw <bindpw>
> ==
>
> Is it possible to configure back-ldap this way?
With OpenLDAP 2.3, yes. But not with the above configuration. See
slapd-ldap(5).
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------
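The configuration the reply points at, as an added example rather than anything posted in this thread: the asker's binddn/bindpw lines (which back-ldap uses only for its own ACL-checking lookups) beside an idassert-bind block that makes every forwarded operation run under one fixed remote identity. The proxy DN, password and server name are placeholders, and the statement forms follow slapd-ldap(5) for OpenLDAP 2.3 and later.

```conf
# Added example (not from this thread); the DN, password and host are placeholders.
database        ldap
suffix          "dc=company,dc=local"
uri             "ldap://remotehost"
chase-referrals no
lastmod         off

# What the original post had.  binddn/bindpw only give back-ldap an identity
# for the lookups it makes when evaluating its own ACLs; client operations
# are still forwarded with the client's own bind, so an anonymous client
# reaches remotehost anonymously.
#binddn  "cn=proxy,dc=company,dc=local"
#bindpw  "<proxy-password>"

# What the reply refers to.  The proxy binds to remotehost as this DN and,
# with mode=none, performs the client's operations as that identity instead
# of asserting the client's own identity.  idassert-authzFrom "*" allows
# every client, anonymous binds included, to be handled this way.
idassert-bind   bindmethod=simple
                binddn="cn=proxy,dc=company,dc=local"
                credentials="<proxy-password>"
                mode=none
idassert-authzFrom "*"
```

Anyone who can reach the proxy then reads remotehost with the rights of cn=proxy, so that account should be granted no more than the proxy is meant to expose, and idassert-authzFrom can be narrowed to the client identities that should be mapped.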