Full_Name: Angel Martinez
OS: Red Hat Linux 6.4
Submission from: (NULL) (18.104.22.168)
I'm trying to configure an LDAP proxy with slapd-meta.
I have several suffixes over several instances that share the same user
accounts. It's possible that one user has access to several targets.
The targets are:
* Users: ou=users, dc=test, dc=com (here resides all accounts)
* Target1: ou=target1, dc=test, dc=com
* Target2: ou=target2, dc=test, dc=com
These 3 suffixes are on 3 different instances.
The instances where target1 and target2 are also have another suffix: ou=users,
dc=test, dc=com. This suffix is replicated from the first instance (Users)
Normally, the users connect through the proxy, but sometimes will connect
directly to the other instances.
Basically this is the slapd.conf of the proxy:
When a user connects to the proxy with cn=user1,ou=users,dc=test,dc=com, the
user is validated against the first target (ou=users) and can search over this
suffix, but if this user tries to search something over another target (for example
ou=target1) the proxy does not use the credentials of the user and does an
anonymous bind to target1, so the search doesn't run.
I thought that rebind-as-user resolves this, but it doesn't run.
I've tried using idassert-bind mode=self bindmethod=simple
ok, but I prefer not to use an administrative account to connect the proxy with
Is there something I'm missing?
Yes, you did not read the slapd-meta(5) man page. rebind-as-user is used in
a totally different context. What you need is idassert-bind.
Please direct further conversation to <openldap-technical(a)openldap.org>.
This ITS will be closed.
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano
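
The following sketch is an added example, not the submitter's slapd.conf (which is missing from the ticket) and not configuration from the OpenLDAP project. It shows per-target idassert-bind in a slapd-meta proxy with a dedicated low-privilege proxy identity instead of an administrative account. The host names, the cn=ldap-proxy DN and the credentials value are assumed placeholders.

```conf
# Proxy slapd.conf (constructed example; host names and proxy DN are assumptions)
database        meta
suffix          "dc=test,dc=com"

# Target 0: the accounts live here, so a client bind as
# cn=user1,ou=users,dc=test,dc=com is forwarded to this target as-is.
uri             "ldap://users-host.example/ou=users,dc=test,dc=com"

# Target 1: the client never bound here, so without identity assertion
# the proxy contacts it anonymously (the behaviour reported above).
uri             "ldap://target1-host.example/ou=target1,dc=test,dc=com"
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,ou=users,dc=test,dc=com"
                credentials="REPLACE_ME"
                mode=self
# Only identities bound under ou=users may have their identity asserted.
idassert-authzFrom "dn.subtree:ou=users,dc=test,dc=com"

# Target 2: same pattern as target 1.
uri             "ldap://target2-host.example/ou=target2,dc=test,dc=com"
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,ou=users,dc=test,dc=com"
                credentials="REPLACE_ME"
                mode=self
idassert-authzFrom "dn.subtree:ou=users,dc=test,dc=com"

# On each target instance (not on the proxy), proxied authorization has to be
# enabled and granted to the proxy identity only for the user subtree:
#
#   authz-policy to                       # in the target's slapd.conf
#
#   dn: cn=ldap-proxy,ou=users,dc=test,dc=com
#   authzTo: dn.subtree:ou=users,dc=test,dc=com
#
# The proxy identity then needs no write or administrative ACLs: the target
# evaluates each operation under the asserted user's own access rights.
```

With mode=self the proxy binds as cn=ldap-proxy and asserts the client's own DN on each operation, so the scope of the authzTo value is what bounds the identities the proxy account can act as.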