Hello,
I have a slapd-meta configuration with 6 backend directories. All of them can be accessed anonymously except one, which needs to be accessed through a technical account.
This technical account must be used whatever the proxy bind DN is:
- anonymous
- user account
- manager account (cn=Manager,dc=example,dc=com)
Below is my test configuration:

    database meta
    suffix dc=example,dc=com
    uri ldap://remote:389/dc=example,dc=com
    idassert-bind bindmethod=simple binddn="uid=tech,dc=example,dc=com" credentials="password"

As no anonymous access was allowed, I had to add the following line:

    idassert-authzFrom "dn.regex:.*"

This configuration allowed me to perform an anonymous search, but the technical account was not used when connecting to the remote directory (the anonymous account was used instead).
I then tested "mode=self" and "mode=anonymous". But I received "protocol error" from the remote server when performing an anonymous search (search using user account and search using manager account were working).
I managed to make it work using "mode=none". As the technical account was still not used when connecting to the proxy with a user account, I finally added the "flag=override".
This latest configuration looks good to me, but I have two questions:
1/ Do you confirm that "none" is the right mode for my need?
2/ Do you know why I cannot use "self" and "anonymous"? What could be the reason why I receive the "protocol error" using mode=none and mode=self?
FYI, the remote server is a Sun One DS 5.2. I don't know whether that could explain it.
Thank you very much for your expertise.
Michel
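
The last configuration the message describes in prose (mode=none plus the override flag), written out as an added slapd.conf fragment; it is not the poster's own file. The option is spelled flags= in slapd-meta(5), and the commented-out narrower authzFrom pattern assumes that client entries live under dc=example,dc=com.

```conf
# Added example: host, suffix, DN and password are the ones from the message.
database        meta
suffix          "dc=example,dc=com"
uri             "ldap://remote:389/dc=example,dc=com"

# mode=none: no proxyAuthz control is sent, so the remote server only sees
# the bind as the technical account.
# flags=override: the technical identity is also used when the client has
# bound to the proxy with its own DN.
idassert-bind   bindmethod=simple
                binddn="uid=tech,dc=example,dc=com"
                credentials="password"
                mode=none
                flags=override

# This pattern lets every local identity use the asserted identity (in the
# message it is what made anonymous searches possible). Combined with
# mode=none and flags=override, each client of the proxy reads the remote
# directory with the rights of uid=tech.
idassert-authzFrom "dn.regex:.*"

# Narrower alternative (assumption: clients bind under dc=example,dc=com).
# It no longer covers anonymous clients.
#idassert-authzFrom "dn.subtree:dc=example,dc=com"
```

Because credentials= stores the technical account's password in clear text, slapd.conf should be readable only by the account that runs slapd. On the remote server, uid=tech should hold no more than the read access the proxy's clients are meant to have.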