Hello.
I successfully set up the chain overlay, so as to push changes from a
slave to a master, with something like:

overlay chain
chain-uri "ldap://ldap1.domain.tld"
chain-idassert-bind bindmethod="simple"
    binddn="cn=chain,ou=roles,dc=domain,dc=tld"
    credentials="s3cr3t"
    mode="self"
chain-idassert-authzFrom "*"
chain-tls start
chain-return-error TRUE

I'm curious, though, why the slave has to use a proxy identity to
authenticate on the master, instead of reusing the original query
credentials. Is there something preventing it, or is it just that all
examples I found so far were using it?
I was also curious to know if the slapauth tool was usable to test this
kind of proxy setup. Reading the man page, it seems rather adapted to
testing identity mapping through authz-regexp directives.