Re: chaining question

[Tony Earnshaw <tonni@hetnet.nl>]

Pierangelo Masarati skrev, on 05-09-2007 14:38:

[...]

> I could feel your pain, but I just tried, and adding rebind as user 
> stuff didn't alter the behavior I could experience: it worked for 
> authenticated operations, and it didn't for anonymous, unless explicitly 
> letting them thru as already explained.

Ok, I'll believe it; I'm not going to start over now, since stuff is 
working and it's a production Samba PDC for over 1000 users - I've other 
things to worry about that don't work as I expect - such as ppolicy and 
pam_ldap. Won't go into that on this list ...

> > It's no good telling me that chain-rebind-as-user is useless, when:
>
> Useless in that context.  It is useful when automatically chasing 
> referrals, and when idassert is not used.
>
> > 1: it's documented - though without an explanation - in SLAPO-CHAIN, and
>
> I'll remove it from the examples, since it appears to cause more trouble 
> than necessary.

NO, NO, PLEASE! It's what saved what little sanity I've got left, just 
that pointer. Perhaps it will be good for others too?

> > 2: it works ("works" means the referral from the slave is accepted and 
> > passed to the master, while a config without it doesn't).
>
> Well, it doesn't here.  I suspect the evil is in the details.  You 
> should provide producer and consumer slapd.conf, a minimal set of data 
> and an example operation that shows the issue.  Possibly thru the ITS, 
> since if the behavior you complain abut is reproducible there's a bug.

I've got two test machines at home (this is one) and I'll try it again 
(and again and again) when I can; as I wrote, it used to work, so 
perhaps I'm doing somethingthing wrong.

Thanks for the patient expansion, you (and others) write the software 
and you should know.

Best,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl