Hello,
Tony Earnshaw wrote:
[...]
> Could someone please explain why the configuration for the two tests
> should pass, while it doesn't on my consumer, and why the config with
> the two chain-rebind-as-user stanzas does?
I always find it helpful to look into the log files of the
openldap-servers. On FreeBSD it's /var/log/debug.log.
Personally I find
loglevel 256
which is "stats log connections/operations/results" most helpful. If you
are not sure how to interpret log entries, edit them to remove sensitive
content and post them, perhaps - if it's more than 10 lines or so - using
a pastebin (e.g. pastebin.ca or something).
Of course it seems weird to first have to disable and then later on to
enable "chain-rebind-as-user". It seems that this is because one
shouldn't rely on default values (as they might change). In the second
chain-uri-stanza of the example they don't set the rebind-flag again, so
I'd assume that the "global" value set after "overlay chain" will be
applied.
Anyway: the best thing next to an explanation I found of what
..rebind-as-user does is in slapd-ldap:
---------8<---------8<---------8<---------8<---------8<---------8<---------
rebind-as-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds, when trying to re-establish a broken connection, or when
chasing a referral, if chase-referrals is set to yes.
---------8<---------8<---------8<---------8<---------8<---------8<---------
So I assume that something concerning the credentials breaks - the log
should help you pinpoint what exactly.
bye
Christian
--
Christian Marg mail : mailto:marg@rz.tu-clausthal.de
Dezernat 2 TU Clausthal web : http://www.tu-clausthal.de
D-38678 Clausthal-Zellerfeld fon : 05323/72-2107
Germany jabber: ifcma@jabber.tu-clausthal.de
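The advice above about removing sensitive content from `loglevel 256` output before posting it, as an added example that is not part of the original message: a Python filter that replaces client addresses, DNs and filter values with stable aliases, keeps conn/op numbers and result codes so the bind sequence stays readable, and lists every non-success result. The sample log lines are constructed, and the names `redact` and `non_success` are made up for this example.

```python
import re

# Constructed sample of slapd "stats" (loglevel 256) output; every value is made up.
SAMPLE = """\
conn=1012 fd=14 ACCEPT from IP=192.0.2.44:51322 (IP=0.0.0.0:389)
conn=1012 op=0 BIND dn="uid=tony,ou=people,dc=example,dc=org" method=128
conn=1012 op=0 RESULT tag=97 err=0 text=
conn=1012 op=1 SRCH base="ou=people,dc=example,dc=org" scope=2 deref=0 filter="(uid=tony)"
conn=1012 op=1 SEARCH RESULT tag=101 err=10 nentries=0 text=
conn=1013 fd=15 ACCEPT from IP=192.0.2.44:51330 (IP=0.0.0.0:389)
conn=1013 op=0 BIND dn="uid=tony,ou=people,dc=example,dc=org" method=128
conn=1013 op=0 RESULT tag=97 err=49 text=
"""

_IP = re.compile(r"IP=(\[[^\]]+\]|[0-9.]+):\d+")
_DN = re.compile(r'\b(dn|base|authcid|authzid)="([^"]*)"')
_FILTER = re.compile(r'filter="([^"]*)"')
_RESULT = re.compile(r"conn=(\d+) op=(\d+) .*?RESULT .*?err=(\d+)")

def redact(text):
    """Replace addresses, DNs and filter values with stable aliases."""
    aliases = {}
    def alias(kind, value):
        table = aliases.setdefault(kind, {})
        return table.setdefault(value, f"<{kind}{len(table) + 1}>")
    def dn(m):
        # An empty DN is an anonymous bind; keep it visible for diagnosis.
        return f'{m.group(1)}="{alias("dn", m.group(2)) if m.group(2) else ""}"'
    def flt(m):
        # Keep attribute names and presence tests (=*), hide assertion values.
        hide = lambda v: "=*)" if v.group(1) == "*" else "=<value>)"
        return 'filter="' + re.sub(r"=([^()]+)\)", hide, m.group(1)) + '"'
    text = _IP.sub(lambda m: f'IP={alias("host", m.group(1))}:<port>', text)
    text = _DN.sub(dn, text)
    return _FILTER.sub(flt, text)

def non_success(text):
    """Return (conn, op, err) for every result whose LDAP code is not 0."""
    return [tuple(map(int, m.groups())) for m in _RESULT.finditer(text) if m.group(3) != "0"]

if __name__ == "__main__":
    print(redact(SAMPLE))
    for conn, op, err in non_success(SAMPLE):
        print(f"conn={conn} op={op} err={err}")
```

In the sample, err=10 is a referral and err=49 is invalid credentials. A syslog prefix (timestamp, hostname) in front of each line is not touched by this filter and has to be trimmed separately.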