thank you very much: it works very well with slapd(8) 2.3.27.
my issue now is that i will have to use the package supplied by RH enteprise 4: openldap-servers-2.2.13-6.4E
and with this version i get this message:
unknown directive "idassert-bind" inside backend database definition (ignored)
line 80 (idassert-authzfrom "dn.regex=.+")
slapd doesn't know idassert-authzfrom !
so, do you know if there is an other directive with this version that enable me to do the same things (anonymous bind rewrite as an admin DN)
Thank you for your help ?
> Message du 06/01/07 à 00h38
> De : "Pierangelo Masarati"
> A : jerrrry@voila.fr
> Copie à : openldap-software@openldap.org
> Objet : Re: openldap proxy issue
>
> jerrrry@voila.fr wrote:
> >
> > hi,
> >
> >
> > I'am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP
> > server.
> >
> > the purpose is to do an ldap authentication to a ldap backend, that
> > need that an administator account bind to do a search, with
> > applications that can only do an anonymous bind.
> >
> > can openldap rewrite the anonynous connection to bind with the
> > administrator acount instead ?
> >
> Try something like:
>
> database ldap
> suffix "dc=example,dc=com"
> uri "ldap://:9011"
> idassert-bind bindmethod="simple"
> binddn="cn=Manager,dc=example,dc=com"
> credentials="secret"
> mode="self"
> idassert-authzfrom "dn.regex=.+"
> idassert-authzfrom "dn:"
>
>
> p.
>
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.n.c.
> Via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ------------------------------------------
> Office: +39.02.23998309
> Mobile: +39.333.4963172
> Email: pierangelo.masarati@sys-net.it
> ------------------------------------------
>
>
>