Siddhartha Jain sjain@silverspringnet.com writes:
I am still stuck at the same place where a chained consumer allows a client to auth with a bad password. Remove chaining and bad passwords are no longer accepted.
To troubleshoot from scratch, I am curious about how chaining should be configured in the new ldif-based configuration scheme?
[...]
Interestingly, it creates two "ldap" databases for a single "chain" overlay. Can someone please explain why/how is this so? Why does chaining go to "frontend" db instead of being under the database that is chained? I tried to create the "ldap" databases under a "bdb" database but OpenLDAP won't allow that.
Two databases are created because chain in principle is a ldap backend plus additonal chaining configuration options.
-Dieter