[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL on referral object (chaining) does not work

To: <openldap-technical@openldap.org>
Subject: ACL on referral object (chaining) does not work
From: <Kay.Kirchhoefer@t-systems.com>
Date: Mon, 27 Jul 2009 16:13:13 +0200
Content-class: urn:content-classes:message
Thread-index: AcoOxGETX90UKBkXRty9CQxdR4sSfQ==
Thread-topic: ACL on referral object (chaining) does not work

Hi,

I have a question regarding ACL used together with chaining overlay configuration. I´m building several ldap servers which should chain each other, based on the selected path. I now wanted to prevent a chaining loop by using ACLs, but that doesn´t work for me. It seems like the ACL is not used for the referral objects.

sample referral object:

dn: o=testldap2,c=de

objectClass: referral

objectClass: extensibleObject

o=testldap2

ref: ldap://testldap2/c=de

chaining config:

overlay chain

chain-uri ldap://testldap2

chain-rebind-as-user yes

chain-idassert-bind bindmethod="simple"

binddn="cn=xxxxxx"

credentials="yyyy"

mode="self"

chain-max-depth 1

chain-return-error TRUE

ACL config:

access to dn.base="o=testldap2,c=de"

by peername.ip=192.168.1.1 none

by * read

192.168.1.1 is the ip address of "testldap2". Everytime a request from this ip occurs, the server should block the access to the (referral) object because it must be a "chained" request

But that doesn´t work. Also the parameter "chain-max-depth" seems not to work. I´m currently using OpenLDAP version 2.3.20 (but I also tried the latest one).

Yours sincerely,

Kay

Follow-Ups:
- Re: ACL on referral object (chaining) does not work
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: get_ava: illegal value with translucent proxy
Next by Date: send_search_entry: conn 9279837 ber write failed
Index(es):
- Chronological
- Thread