[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL on referral object (chaining) does not work



Hi,
 
I have a question regarding ACL used together with chaining overlay configuration. I´m building several ldap servers which should chain each other, based on the selected path. I now wanted to prevent a chaining loop by using ACLs, but that doesn´t work for me. It seems like the ACL is not used for the referral objects.
 
sample referral object:
    dn: o=testldap2,c=de
    objectClass: referral
    objectClass: extensibleObject
    o=testldap2
    ref: ldap://testldap2/c=de
 
chaining config:
    overlay chain
    chain-uri ldap://testldap2
    chain-rebind-as-user yes
    chain-idassert-bind bindmethod="simple"
        binddn="cn=xxxxxx"
        credentials="yyyy"
        mode="self"
    chain-max-depth 1
    chain-return-error TRUE
 
ACL config:
    access to dn.base="o=testldap2,c=de"
        by peername.ip=192.168.1.1 none
        by * read
 
 
192.168.1.1 is the ip address of "testldap2". Everytime a request from this ip occurs, the server should block the access to the (referral) object because it must be a "chained" request
 
But that doesn´t work. Also the parameter "chain-max-depth" seems not to work. I´m currently using OpenLDAP version 2.3.20 (but I also tried the latest one).
 
 
Yours sincerely,
Kay