Thank you very much: it works very well with slapd(8) 2.3.27.
My issue now is that I will have to use the package supplied by RH Enterprise 4: openldap-servers-2.2.13-6.4E
and with this version I get this message:
unknown directive "idassert-bind" inside backend database definition (ignored)
line 80 (idassert-authzfrom "dn.regex=.+")
slapd doesn't know idassert-authzfrom!
So, do you know if there is another directive with this version that enables me to do the same thing (anonymous bind rewritten as an admin DN)?
Thank you for your help.
Message of 06/01/07 at 00:38
From: "Pierangelo Masarati"
To: jerrrry@voila.fr
Cc: openldap-software@openldap.org
Subject: Re: openldap proxy issue
jerrrry@voila.fr wrote:
hi,
I am configuring slapd(8) 2.3.27 for use as a proxy to another LDAP server.
The purpose is to do LDAP authentication against an LDAP backend that needs an administrator account to bind in order to do a search, with applications that can only do an anonymous bind.
Can OpenLDAP rewrite the anonymous connection to bind with the administrator account instead?
Try something like:
database ldap
suffix "dc=example,dc=com"
uri "ldap://:9011"
idassert-bind bindmethod="simple"
    binddn="cn=Manager,dc=example,dc=com"
    credentials="secret"
    mode="self"
idassert-authzfrom "dn.regex=.+"
idassert-authzfrom "dn:"
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it
jerrrry@voila.fr wrote:
thank you very much: it works very well with slapd(8) 2.3.27.
My issue now is that I will have to use the package supplied by RH Enterprise 4: openldap-servers-2.2.13-6.4E
and with this version I get this message:
unknown directive "idassert-bind" inside backend database definition (ignored)
line 80 (idassert-authzfrom "dn.regex=.+")
slapd doesn't know idassert-authzfrom!
So, do you know if there is another directive with this version that enables me to do the same thing (anonymous bind rewritten as an admin DN)?
1) no there isn't.
2) in 2.2, libldap and proxy backends were very buggy; things are much better now (2.3.32), and will be even better with 2.3.33. There is no good reason (not even support: you won't get any from RedHat) to stay with that old buggy version.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it
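Added example (not part of the thread and not OpenLDAP project code): a small Python check that reads slapd.conf text, unwraps continuation lines before dropping comments, and reports each "database ldap" section whose idassert-bind keeps the bind password in the file or whose idassert-authzfrom rule matches every DN, as the configuration suggested above does. The finding names, the sample file and the list of catch-all patterns are assumptions made for this example.

```python
import re
import shlex

# Constructed sample: the proxy database from the reply, laid out as slapd.conf text.
SAMPLE_CONF = """\
# proxy for applications that can only bind anonymously
database ldap
suffix "dc=example,dc=com"
uri "ldap://:9011"
idassert-bind bindmethod="simple"
    binddn="cn=Manager,dc=example,dc=com"
    credentials="secret"
    mode="self"
idassert-authzfrom "dn.regex=.+"
idassert-authzfrom "dn:"
"""

MATCH_ALL = re.compile(r"^dn\.regex=\^?\.[+*]\$?$")  # assumption: only .+ .* ^.+$ ^.*$

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace) first, then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1].isspace() and lines:
            lines[-1] += " " + raw.strip()
        elif raw.strip():
            lines.append(raw.strip())
    return [line for line in lines if not line.startswith("#")]

def audit(text):
    """Return (suffix, finding) pairs for each 'database ldap' with idassert-bind."""
    dbs = []
    for line in logical_lines(text):
        toks = shlex.split(line)
        key, args = toks[0].lower(), toks[1:]
        if key == "database":
            dbs.append({"type": args[0], "suffix": "?", "bind": {}, "authz": []})
        elif dbs and key == "suffix":
            dbs[-1]["suffix"] = args[0]
        elif dbs and key == "idassert-bind":
            dbs[-1]["bind"] = dict(a.split("=", 1) for a in args)
        elif dbs and key == "idassert-authzfrom":
            dbs[-1]["authz"].append(args[0])
    out = []
    for db in (d for d in dbs if d["type"] == "ldap" and d["bind"]):
        if "credentials" in db["bind"]:  # bind password stored in the config file
            out.append((db["suffix"], "inline-credentials: " + db["bind"].get("binddn", "?")))
        out += [(db["suffix"], "authzfrom-any-dn: " + a)
                for a in db["authz"] if MATCH_ALL.match(a)]
    return out
```

Calling audit(SAMPLE_CONF) returns one inline-credentials finding and one authzfrom-any-dn finding for the suffix dc=example,dc=com.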