openldap back-sock
- To: openldap-technical@openldap.org
- Subject: openldap back-sock
- From: stefano vital <stefano.vital@gmail.com>
- Date: Thu, 23 Sep 2010 14:27:16 +0200
Hi,
I have a question about a special LDAP setup. I am trying to use the sock backend to bind a user who, after a successful bind, has to search on another backend.
Here is my slapd.conf on OpenLDAP 2.4.11:
access to * by users read
##################BACKEND SOCK#################################################
database sock
suffix "dc=reg-bus-users-local,dc=it"
# capture the requests rewritten by rwm, blocking direct read and write requests
socketpath /tmp/ldapauthorization.sock
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=tfk,dc=tfkdatastore"
rootdn "cn=Root,dc=tfk,dc=tfkdatastore"
rootpw xxxxx
I also made a fake bind in the server listening on the socket ldapauthorization.sock:
if ($request eq "BIND\n") {
    my %req = ();
    print "RESULT\n";
    print "code: 0\n";
    print "matched: cn=fratbrother,dc=reg-bus-users-local,dc=it\n";
}
My ldapsearch is:
ldapsearch -H ldap://localhost:389/ -D "cn=fratbrother,dc=reg-bus-users-local,dc=it" -w xxxx -x -b "dc=tfk,dc=tfkdatastore" "(objectClass=*)" "*"
Result:
ldap_bind: Insufficient access (50)
My goal, if this works, is to make bind = (bind + search attribute) on another LDAP server, check the validity of the attribute, and then respond with a successful bind;
so, a redirected bind with a check on a remote attribute. Is it possible to do that? Is this the right usage of the sock backend?
PS: I also noted that LDAP does not connect to the socket but responds directly with "insufficient access".
PS: Sorry for the bad English.
Thanks in advance,
Stefano Vitali
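
An added sketch, not part of the original post or of OpenLDAP: a listener-side handler that, instead of always answering code 0, parses the dn, credlen and cred lines of the BIND request (layout as documented in slapd-sock(5)) and returns success only when a check passes. The names verify, USERS and make_bind are hypothetical, and the sample requests are constructed.

```python
import hmac

LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS, LDAP_UNWILLING = 0, 49, 53

def parse_bind(raw: bytes):
    """Return (dn, cred) from a back-sock BIND request, or None if malformed."""
    head, sep, rest = raw.partition(b"\ncred: ")
    lines = head.split(b"\n")
    if not sep or lines[0].strip() != b"BIND":
        return None
    fields = dict(l.split(b": ", 1) for l in lines[1:] if b": " in l)
    try:
        dn = fields[b"dn"].decode("utf-8")
        credlen = int(fields[b"credlen"])
    except (KeyError, ValueError):
        return None
    # The password is raw bytes and may contain newlines: trust credlen,
    # not line boundaries, and reject a request shorter than it claims.
    if credlen < 0 or len(rest) < credlen:
        return None
    return dn, rest[:credlen]

def result(code: int) -> bytes:
    """Build the RESULT block; the blank line ends the response."""
    return b"RESULT\ncode: %d\n\n" % code

def handle_request(raw: bytes, verify) -> bytes:
    """verify(dn, cred) -> bool is a hypothetical hook for the real check."""
    if not raw.startswith(b"BIND\n"):
        return result(LDAP_UNWILLING)      # this listener only handles binds
    parsed = parse_bind(raw)
    if parsed is None or not parsed[1]:    # malformed, or empty password
        return result(LDAP_INVALID_CREDENTIALS)
    dn, cred = parsed
    return result(LDAP_SUCCESS if verify(dn, cred) else LDAP_INVALID_CREDENTIALS)

# Constructed sample data: one known user with a password containing a newline.
USERS = {"cn=fratbrother,dc=reg-bus-users-local,dc=it": b"s3cret\nline2"}

def verify(dn: str, cred: bytes) -> bool:
    expected = USERS.get(dn.lower())
    return expected is not None and hmac.compare_digest(expected, cred)

def make_bind(dn: str, cred: bytes) -> bytes:
    """Constructed BIND request as slapd would send it (method 128 = simple)."""
    return (b"BIND\nmsgid: 1\nsuffix: dc=reg-bus-users-local,dc=it\n"
            b"dn: %s\nmethod: 128\ncredlen: %d\ncred: %s\n\n"
            % (dn.encode(), len(cred), cred))
```

In a real deployment verify would perform the remote attribute lookup described in the post; any failure or timeout there should map to a non-zero code rather than success.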