
Local root browsing for translucent proxy



Hello,

I have set up a translucent proxy and things have been working rather well. I've been able to add, delete and modify local attributes, authenticating with the local rootdn. All this has been done using OpenLDAP's command line tools. I now need to use a web-based interface, so I installed phpldapadmin. To my surprise, I can log in using the local rootdn but I'm not able to browse or search for any entry in that branch, although I have write access ACLs, besides the rootdn declaration.

The database definition is as follows:

--- snip ---

database        hdb
suffix              "dc=example,dc=com"
rootdn            cn=loadmin,dc=example,dc=com
rootpw           secret
directory        "/var/lib/ldap"
lastmod         on

access to attrs=userPassword,sambaNTPassword,krb5Key
                by dn.exact="cn=admin,dc=example,dc=com" write
                by dn.exact="cn=loadmin,dc=example,dc=com" write
                by dn.exact="cn=reader,dc=example,dc=com" read
                by self read
                by anonymous auth
                by * none

access to *
                by dn.exact="cn=admin,dc=example,dc=com" write
                by dn.exact="cn=loadmin,dc=example,dc=com" write
                by * read

index    sambaSID,sambaPrimaryGroupSID eq

overlay translucent
uri "ldap://ldapbackend.example.com"
acl-bind binddn="cn=reader,dc=example,dc=com" credentials="secret"
translucent_strict
translucent_remote    objectClass
translucent_local        sambaSID,sambaPrimaryGroupSID,sambaAcctFlags
overlay glue


--- snip ---


I see no problem in the configuration, but please do point out any misconfiguration that might be leading to this behaviour. Since I've been able to use the command line tools, I initially supposed it was a misconfiguration or even a bug in phpldapadmin, but I'm starting to consider the problem as a limitation of the translucent overlay. Should I consider this scenario also?

(I know I should be using runtime config already... Let us leave that for another occasion ;) )

Best regards,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _