On Lun 8 janvier 2007 17:19, Pierangelo Masarati a écrit :
I have no idea of why it ever gets to return "no such object"; if the above is your slapd.conf, I see too many whitespaces in front of too many directives to yield a valid slapd-ldap configuration, though.
You were right. I thought I could use some indents like : database ldap option 1 option 2 sub-section 1 (like idassert-bind) option1-of subsection1 option2-of subsection1 sub-section 2 option1-of subsection2 option2-of subsection2
For slaptest, everything is fine. The parser doesn't yell, but that change slapd behaviour, randomly. With this correction, the "no such object" error disapeared.
In any case, if you specify flags=non-prescriptive, anonymous operations will not use identity assertion; in fact, non-prescriptive means that operations whose identity cannot be authorized are performed anonymously; the default is to reject them with "inappropriate authentication".
Ok, removed.
A configuration like
database ldap suffix "dc=example,dc=com" uri ldap://:9011 idassert-bind bindmethod=simple mode=self binddn="cn=Manager,dc=example,dc=com" credentials="secret" idassert-authzFrom "dn.regex:.*"
will do the trick (although, with the above bug, no proxyauthz wil occur and, as such, the operation will be performed with the identity defined in binddn).
For informationnal purpose, here is our "database ldap" section, that works : -------8<------------------ database ldap lastmod off chase-referrals no suffix "dc=x1,dc=f0,dc=enterprise" uri "ldap://192.168.AD.IP:3268/" idassert-bind bindmethod=simple binddn="CN=user1,OU=FR ,dc=my,DC=firm,DC=com" credentials="secret" mode=anonymous idassert-authzFrom "dn.regex:.*" -------8<------------------
Thx for your help!