2006/10/16, Pierangelo Masarati ando@sys-net.it:
The only possible solution I see in your case is modifying slapo-pcache so that it also caches binds (with all the security concerns this may imply); in that case, an attempt to look up the bindDN locally should take place before contacting the remote server and, in case of success, identity assertion should be used if the subsequent search is not cached; if the bindDN is not cached, after a successful simple bind, the overlay should save a "glue" entry with the bindDN and the password (possibly encrypted).
My case is even simpler, because the bindDN the client will use is always the same, so based on your suggestion I'm thinking about doing something like this:
- Implement 'bind' operation on pcache overlay so it always returns success to frontend.
- Substitute 'meta' backend with multiple instances of 'slapd' backend
- Configure 'slapd' backend so it always does identity assertion using mode 'self'
Do you think I'm on the right way?
Regards,
Dani.