Re: Back-ldap configuration and id-assertion.



On Tue, Aug 31, 2010 at 9:31 PM,  <masarati@aero.polimi.it> wrote:
>> Hi all,
>>
>> I am wondering if I am going about my setup the right way and am
>> hoping someone can give me a bit of input.
>>
>> Using openldap-2.4.23 on Debian Linux, I have nssov configured to
>> retrieve host, user and group information on my primary server, with
>> back-ldap and nssov configured on a secondary machine doing the same.
>>
>> The back-ldap configuration is as follows:
>>
>> database ldap
>> suffix  dc=zivios,dc=net
>> uri     "ldap://dev03.zivios.net"
>> acl-bind bindmethod=simple binddn="" credentials=""
>>
>> idassert-bind
>>  bindmethod=simple
>>   mode=self
>>   binddn="uid=zproxyauth,ou=zusers,ou=core control,ou=zivios,dc=zivios,dc=net"
>>   credentials="foo"
>> idassert-authzFrom "dn.regex:.*"
>
> Hi, I can't speak for the nssov, but the back-ldap configuration looks
> fine to me.  I'm very interested in addressing the issue you note.  I have
> recently committed some fixes to address something that might be related,
> could you try HEAD code?  Also, since you find the issue so easily
> reproducible, could you send detailed logs of the server too?
> stats,trace,args should be best.  If they get pretty big, could you please
> upload them to ftp://ftp.openldap.org following guidelines here
> <http://www.openldap.org/devel/contributing.html#submitting>?

Will do first thing tomorrow. Many thanks.

Mustafa.