I thought about putting it in a simpler way.
OpenLDAP 2.4.23 with translucent proxy.
I'm able to add/remove/modify attributes locally using the rootdn
defined in the server configuration.
I'm NOT able to browse or perform searches using those same credentials.
I always get 0 entries.
I am, however, able to perform searches and browse the tree if I bind
anonymously or if I bind with one of the LDAP user accounts.
Is this behaviour to be expected? Is there any way to use a single pair
of credentials and be able to add/delete/modify/browse/search?
The database definition is as follows:
--- snip ---
database hdb
suffix "dc=example,dc=com"
rootdn "cn=loadmin,dc=example,dc=com"
rootpw secret
directory "/var/lib/ldap"
lastmod on

# Password-type attributes: the two admin DNs may write, the reader
# DN and the entry owner may read, anonymous may only bind against them.
access to attrs=userPassword,sambaNTPassword,krb5Key
    by dn.exact="cn=admin,dc=example,dc=com" write
    by dn.exact="cn=loadmin,dc=example,dc=com" write
    by dn.exact="cn=reader,dc=example,dc=com" read
    by self read
    by anonymous auth
    by * none

# Everything else: the two admin DNs may write, everyone else
# (including anonymous) may read.
access to *
    by dn.exact="cn=admin,dc=example,dc=com" write
    by dn.exact="cn=loadmin,dc=example,dc=com" write
    by * read

index sambaSID,sambaPrimaryGroupSID eq

# Translucent proxy: objectClass comes from the remote server,
# the listed samba attributes are stored only in the local hdb.
overlay translucent
uri "ldap://ldapbackend.example.com"
acl-bind binddn="cn=reader,dc=example,dc=com" credentials="secret"
translucent_strict
translucent_remote objectClass
translucent_local sambaSID,sambaPrimaryGroupSID,sambaAcctFlags

overlay glue
--- snip ---
Best Regards,
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro(a)fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web :
http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio(a)fct.unl.pt
fct.unl.pt:~# _