--- Comment #1 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
On Tue, Apr 07, 2020 at 07:26:50AM +0000, openldap-its(a)openldap.org wrote:
I'm doing a OpenLDAP test with a master/slave replication configuration
including ppolicy overlay. I would like to enable password change from the
slave replica with chain overlay, in order to validate the ppolicy
olcPPolicyForwardUpdates attribute to TRUE. I'm using LDAPS from slave to
master with SASL External authentication with client certificate. The client
certificate correspond to a user DN entry with "manage" rights on the master
server (the same used for the replication). This user DN has authzTo attribute
in order to match the correct PROXYAUTHZ request from its dn to user DN.
I've done a modification of test script test022-ppolicy to test022-policy-chain
which use the same LDIF source and show the problem of modification on the
consumer not "relayed" to the supplier if a fail operation is not done before.
in your view, is this the same issue as ITS#9179? Does adding a fake
binddn into the chain configuration help?
You are receiving this mail because:
You are on the CC list for the bug.