[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Back-ldap configuration and id-assertion.
- To: openldap-technical@openldap.org
- Subject: Re: Back-ldap configuration and id-assertion.
- From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
- Date: Wed, 1 Sep 2010 00:11:55 +0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=t5VF7oJvt1XzYQKAUivtLgwU5zp3u8OPIZv0pgvHECc=; b=Se0r+8D2OYF0kdxkXWgEgikz3Fgblp1cGDVR9ad/A6mvo/cbdjBHQdmYycHdAob2O0 eBJfAcDMbgPuHVHj6PT9VcQV5Dfqea9sn+jjOTCot/4pH3EWBdKSUJcrVUtsaMeobu9E U/EKvBAZtkKXa9tz+eQoljAewyHkcEz0lW4D8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=MKflp7V0d6L0fqnUGB1vqMbsdFCP8Vavb4dGq4XJPiXch0FQFghumGdpNsAHi1QF93 lYPJYx4kFoA5gcIalKZzNUzuoQ7iDZ2nFkxJW35a4vBlGIz5kG3dibifWOq1tCHZJITH oC9uF4FYdoTuNfSeUvd1epDuKbblXfhYL8sRc=
- In-reply-to: <18927c0743f3259398499055d40f5da1.squirrel@www.aero.polimi.it>
- References: <AANLkTinWQNQrtKeLGHr9YYrdeR2u8Zj4biELMj_Ww0jW@mail.gmail.com> <18927c0743f3259398499055d40f5da1.squirrel@www.aero.polimi.it>
On Tue, Aug 31, 2010 at 9:31 PM, <masarati@aero.polimi.it> wrote:
>> Hi all,
>>
>> I am wondering if I am going about my setup the right way and am
>> hoping someone can give me a bit of input.
>>
>> Using openldap-2.4.23 on Debian Linux, I have nssov configured to
>> retrieve host, user and group information on my primary server, with
>> back-ldap and nssov configured on a secondary machine doing the same.
>>
>> The back-ldap configuration is as follows:
>>
>> database ldap
>> suffix dc=zivios,dc=net
>> uri "ldap://dev03.zivios.net"
>> acl-bind bindmethod=simple binddn="" credentials=""
>>
>> idassert-bind
>> bindmethod=simple
>> mode=self
>> binddn="uid=zproxyauth,ou=zusers,ou=core
>> control,ou=zivios,dc=zivios,dc=net"
>> credentials="foo"
>> idassert-authzFrom "dn.regex:.*"
>
> Hi, I can't speak for the nssov, but the back-ldap configuration looks
> fine to me. I'm very interested in addressing the issue you note. I have
> recently committed some fixes to address something that might be related,
> could you try HEAD code? Also, since you find the issue so easily
> reproducible, could you send detailed logs of the server too?
> stats,trace,args should be best. If they get pretty big, could you please
> upload them to ftp://ftp.openldap.org following guidelines here
> <http://www.openldap.org/devel/contributing.html#submitting>?
Will do first thing tomorrow. Many thanks.
Mustafa.