Pierangelo Masarati skrev, on 05-09-2007 14:38:
[...]
I could feel your pain, but I just tried, and adding rebind as user stuff didn't alter the behavior I could experience: it worked for authenticated operations, and it didn't for anonymous, unless explicitly letting them thru as already explained.
Ok, I'll believe it; I'm not going to start over now, since stuff is working and it's a production Samba PDC for over 1000 users - I've other things to worry about that don't work as I expect - such as ppolicy and pam_ldap. Won't go into that on this list ...
It's no good telling me that chain-rebind-as-user is useless, when:
Useless in that context. It is useful when automatically chasing referrals, and when idassert is not used.
1: it's documented - though without an explanation - in SLAPO-CHAIN, and
I'll remove it from the examples, since it appears to cause more trouble than necessary.
NO, NO, PLEASE! It's what saved what little sanity I've got left, just that pointer. Perhaps it will be good for others too?
2: it works ("works" means the referral from the slave is accepted and passed to the master, while a config without it doesn't).
Well, it doesn't here. I suspect the evil is in the details. You should provide producer and consumer slapd.conf, a minimal set of data and an example operation that shows the issue. Possibly thru the ITS, since if the behavior you complain abut is reproducible there's a bug.
I've got two test machines at home (this is one) and I'll try it again (and again and again) when I can; as I wrote, it used to work, so perhaps I'm doing somethingthing wrong.
Thanks for the patient expansion, you (and others) write the software and you should know.
Best,
--Tonni