hi,
I am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server. The purpose is to do LDAP authentication against an LDAP backend that needs an administrator account to bind in order to do a search, with applications that can only do an anonymous bind. Can OpenLDAP rewrite the anonymous connection to bind with the administrator account instead?

I tried this: I compiled with --enable-ldap --enable-rewrite, and my slapd.conf looks like this:

database ldap
suffix ou=personnes,o=sg
uri ldap://192.16.239.210:1389
binddn cn=guards,ou=exploit,ou=personnes,o=sg
bindpw secret

But it does not work even though I put binddn and bindpw. The backend LDAP still receives an anonymous connection.

Thank you for your help,
Thomas
jerrrry@voila.fr wrote:
> hi,
> I am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server.
> The purpose is to do LDAP authentication against an LDAP backend that needs an administrator account to bind in order to do a search, with applications that can only do an anonymous bind.
> Can OpenLDAP rewrite the anonymous connection to bind with the administrator account instead?

Try something like:

database ldap
suffix "dc=example,dc=com"
uri "ldap://:9011"
idassert-bind bindmethod="simple"
    binddn="cn=Manager,dc=example,dc=com"
    credentials="secret"
    mode="self"
idassert-authzfrom "dn.regex=.+"
idassert-authzfrom "dn:"

p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
openldap-software@openldap.org