[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
chaining through proxy and slave
- To: openldap-technical@openldap.org
- Subject: chaining through proxy and slave
- From: Hugo Monteiro <hugo.monteiro@fct.unl.pt>
- Date: Wed, 29 Jun 2011 10:26:47 +0100
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; PT-pt; rv:1.9.2.17) Gecko/20110516 Lightning/1.0b2 Thunderbird/3.1.10
Hello list,
With the following scenario
Client (A) <-----> back_ldap Proxy (B) <-----> syncrepl Slave (C)
<-----> Master (D)
and B and C use a binddn that only has full read permissions on the
database, except for a couple of attributes, on which it has full write
permissions. Also, Each of the represented nodes can only "talk" to the
nodes to which there is a represented connection, so (A) and (B) cannot
chase a configured referral to (D).
What would be the proper way to setup (B) and (C) so that (A) could push
updates for the couple of attributes into the master (D) node?
At the Slave level, i've already setup chaining and making it use (D) as
updateref, but then any push on (B) would not propagate. I also noticed
that in although i used mode=self, in the chaining, i had to configure a
binddn which had full write permissions. Wouldn't it be sufficient to
have a full read enabled binddn or even no binddn at all since the bind
would then be made using the clients credentials?
Thanks in advance,
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio@fct.unl.pt
fct.unl.pt:~# _