ACL on referral object (chaining) does not work
- To: <openldap-technical@openldap.org>
- Subject: ACL on referral object (chaining) does not work
- From: <Kay.Kirchhoefer@t-systems.com>
- Date: Mon, 27 Jul 2009 16:13:13 +0200

Hi,

I have a question regarding ACL used together with chaining overlay configuration. I'm building several ldap servers which should chain each other, based on the selected path. I now wanted to prevent a chaining loop by using ACLs, but that doesn't work for me. It seems like the ACL is not used for the referral objects.

sample referral object:

    dn: o=testldap2,c=de
    objectClass: referral
    objectClass: extensibleObject
    o=testldap2

chaining config:

    overlay chain
    chain-rebind-as-user yes
    chain-idassert-bind
        bindmethod="simple"
        binddn="cn=xxxxxx"
        credentials="yyyy"
        mode="self"
    chain-max-depth 1
    chain-return-error TRUE

ACL config:

    access to dn.base="o=testldap2,c=de"
        by peername.ip=192.168.1.1 none
        by * read

192.168.1.1 is the IP address of "testldap2". Every time a request from this IP occurs, the server should block the access to the (referral) object because it must be a "chained" request.

But that doesn't work. Also the parameter "chain-max-depth" seems not to work. I'm currently using OpenLDAP version 2.3.20 (but I also tried the latest one).

Yours sincerely,
Kay