[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Chain overlay and ACLs

To: "John Kane" <john.kane@prodeasystems.com>
Subject: RE: Chain overlay and ACLs
From: masarati@aero.polimi.it
Date: Thu, 11 Jun 2009 22:44:23 +0200 (CEST)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <56DA5079467D1C48B857C6FE59D5D4FC02B4C8CA@prodeaserve.prodea.local>
References: <56DA5079467D1C48B857C6FE59D5D4FC02B4C8AD@prodeaserve.prodea.local> <55007.129.2.175.78.1244751042.squirrel@www.aero.polimi.it> <56DA5079467D1C48B857C6FE59D5D4FC02B4C8CA@prodeaserve.prodea.local>
User-agent: SquirrelMail/1.4.9a

> Knew I was forgetting something :)  Here's the overlay info from the
> slave:
>
>
> overlay                 chain
> chain-uri               "ldap://172.25.1.2
> chain-idassert-bind bindmethod="simple"
>
> binddn="cn=ldapChain,o=partner_x,dc=example,dc=net"
>                         credentials="secret"
>                         mode="none"
> #                       mode="self"

The documentation I pointed you to clearly shows that you need to use
mode="self".  Please see slapd-ldap(5) for details on the meaning of those
parameters.  Enabling mode="self" requires the provider to be able to deal
with the proxied authorization control (RFC 4370) in requests.

p.

Follow-Ups:
- RE: Chain overlay and ACLs
  - From: "John Kane" <john.kane@prodeasystems.com>

References:
- Chain overlay and ACLs
  - From: "John Kane" <john.kane@prodeasystems.com>
- Re: Chain overlay and ACLs
  - From: masarati@aero.polimi.it
- RE: Chain overlay and ACLs
  - From: "John Kane" <john.kane@prodeasystems.com>

Prev by Date: RE: Chain overlay and ACLs
Next by Date: RE: Chain overlay and ACLs
Index(es):
- Chronological
- Thread