[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: overlay chain

To: openldap-software@openldap.org
Subject: Re: overlay chain
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Thu, 31 Jul 2008 19:40:56 +0200
In-reply-to: <1ikvlfs.6xcp2warh7w9M%manu@netbsd.org>
User-agent: MacSOUP/2.7 (unregistered for 559 days)

Emmanuel Dreyfus <manu@netbsd.org> wrote:

> I fail to understand why they stopped working after 2.4
> upgrade.

I made some progress: 

- The replica's chain overlay perform the bind to the master using its
certificate, that works.

- The authz-regex on the master correctly maps the certificate CN to an
LDAP DN.

- But the authzTo attribute for that DN seems ignored. I have this
message:
Jul 31 05:46:31 botin slapd[27603]: SASL Authorize [conn=5]: proxy
authorization allowed authzDN=""  

Any hint on how to debug that?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

References:
- Re: overlay chain
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: slapd_db_hotbackup
Next by Date: Re: back-sql using varchar keyvals and ids
Index(es):
- Chronological
- Thread