https://bugs.openldap.org/show_bug.cgi?id=9205
--- Comment #1 from Ondřej Kuzník <ondra@mistotebe.net> ---
On Tue, Apr 07, 2020 at 07:26:50AM +0000, openldap-its@openldap.org wrote:
> Hello, I'm doing an OpenLDAP test with a master/slave replication configuration including the ppolicy overlay. I would like to enable password change from the slave replica with the chain overlay, in order to validate the ppolicy olcPPolicyForwardUpdates attribute to TRUE.
>
> I'm using LDAPS from slave to master with SASL External authentication with a client certificate. The client certificate corresponds to a user DN entry with "manage" rights on the master server (the same used for the replication). This user DN has the authzTo attribute in order to match the correct PROXYAUTHZ request from its DN to the user DN.
>
> [...]
>
> I've done a modification of test script test022-ppolicy to test022-policy-chain which uses the same LDIF source and shows the problem of modifications on the consumer not being "relayed" to the supplier if a failed operation is not done before.

Hi Frédéric, in your view, is this the same issue as ITS#9179? Does adding a fake binddn into the chain configuration help?