-----Original Message-----
From: masarati@aero.polimi.it [mailto:masarati@aero.polimi.it]
Sent: Thursday, June 11, 2009 3:44 PM
To: John Kane
Cc: openldap-technical@openldap.org
Subject: RE: Chain overlay and ACLs

Knew I was forgetting something :) Here's the overlay info from the slave:

overlay chain
chain-uri "ldap://172.25.1.2"
chain-idassert-bind bindmethod="simple"
        binddn="cn=ldapChain,o=partner_x,dc=example,dc=net"
        credentials="secret"
        mode="none"
# mode="self"

The documentation I pointed you to clearly shows that you need to use mode="self". Please see slapd-ldap(5) for details on the meaning of those parameters. Enabling mode="self" requires the provider to be able to deal with the proxied authorization control (RFC 4370) in requests.
p.
[JK] With the mode="self", I get the following for any user attempting to make mods from the slave:
ldapmodify: Proxy Authorization Failure (47)
Thanks, John
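
Added example, not part of the original thread and not OpenLDAP's own code: with mode="self" the proxy asserts the client's identity to the provider through the RFC 4370 proxied authorization control, and the Python below builds and validates that control's BER encoding so it can be recognised in a capture or a test harness. The client DN uid=jdoe under o=partner_x,dc=example,dc=net is constructed for illustration.

```python
PROXY_AUTHZ_OID = b"2.16.840.1.113730.3.4.18"   # controlType from RFC 4370

def _tlv(tag, value):
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def _read_tlv(buf, pos, want):
    """Return (value, next_pos) for the TLV at pos; reject wrong tags and truncation."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                                 # long form: next k bytes hold the length
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length encoding")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return buf[pos:pos + n], pos + n

def encode_proxy_authz(authz_id):
    """Control ::= SEQUENCE { controlType, criticality TRUE, controlValue = authzId }."""
    return _tlv(0x30, _tlv(0x04, PROXY_AUTHZ_OID) + _tlv(0x01, b"\xff")
                + _tlv(0x04, authz_id.encode("utf-8")))

def decode_proxy_authz(control):
    """Return the asserted authzId, enforcing the RFC 4370 constraints."""
    body, end = _read_tlv(control, 0, 0x30)
    if end != len(control):
        raise ValueError("trailing bytes after control")
    oid, pos = _read_tlv(body, 0, 0x04)
    if oid != PROXY_AUTHZ_OID:
        raise ValueError("not a proxied authorization control")
    crit, pos = _read_tlv(body, pos, 0x01)       # an omitted criticality fails here
    if len(crit) != 1 or crit == b"\x00":
        raise ValueError("RFC 4370 requires criticality TRUE")
    value, pos = _read_tlv(body, pos, 0x04)
    authz_id = value.decode("utf-8")
    if authz_id and not authz_id.startswith(("dn:", "u:")):
        raise ValueError("authzId must be empty, dn:<DN> or u:<userid>")
    return authz_id

if __name__ == "__main__":
    # Constructed client DN under the suffix used in the thread.
    print(encode_proxy_authz("dn:uid=jdoe,o=partner_x,dc=example,dc=net").hex())
```

An empty authzId is accepted because RFC 4370 uses it to request an anonymous association.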