Hello,
I have set up a translucent proxy and things have been working rather well. I've been able to add, delete and modify local attributes, authenticating with the local rootdn. All this has been done using OpenLDAP's command line tools. I now need to use a web-based interface, so I installed phpldapadmin. To my surprise, I can log in using the local rootdn, but I'm not able to browse or search for any entry in that branch, although I have write access ACLs besides the rootdn declaration.
The database definition is as follows:
--- snip ---
database hdb
suffix "dc=example,dc=com"
rootdn cn=loadmin,dc=example,dc=com
rootpw secret
directory "/var/lib/ldap"
lastmod on

access to attrs=userPassword,sambaNTPassword,krb5Key
    by dn.exact="cn=admin,dc=example,dc=com" write
    by dn.exact="cn=loadmin,dc=example,dc=com" write
    by dn.exact="cn=reader,dc=example,dc=com" read
    by self read
    by anonymous auth
    by * none

access to *
    by dn.exact="cn=admin,dc=example,dc=com" write
    by dn.exact="cn=loadmin,dc=example,dc=com" write
    by * read

index sambaSID,sambaPrimaryGroupSID eq

overlay translucent
uri "ldap://ldapbackend.example.com"
acl-bind binddn="cn=reader,dc=example,dc=com" credentials="secret"
translucent_strict
translucent_remote objectClass
translucent_local sambaSID,sambaPrimaryGroupSID,sambaAcctFlags

overlay glue
--- snip ---
I see no problem in the configuration, but please do point out any misconfiguration that might be leading to this behaviour. Since I've been able to use the command line tools, I initially supposed it was a misconfiguration or even a bug in phpldapadmin, but I'm starting to consider the problem as a limitation of the translucent overlay. Should I consider this scenario also?
(I know I should be using runtime config already... Let us leave that to another occasion ;) )
Best regards,
Hugo Monteiro.