Hello list,
I'm using translucent in a local server. That same server also has an extra local database, which is a local only branch of the remote database. This database is a subordinate and they glue together well. Now, for the sake of management, I need to be able to identify to the local database (rootdn) but using credentials from the remote database. Assuming one has
translucent to remote - dc=example,dc=com with remote admin user cn=admin,dc=example,dc=com
local - ou=localbranch,dc=example,dc=com with rootdn admin user cn=admin,ou=localbranch,dc=example,dc=com
I tried the following on the local server
database hdb
suffix "ou=localbranch,dc=example,dc=com"
rootdn "cn=admin,ou=localbranch,dc=example,dc=com"
rootpw "secret"
directory "/var/lib/ldap/ou=localbranch,dc=example,dc=com"
index objectClass,sambaSID eq
lastmod on
authz-regexp "cn=admin,dc=example,dc=com" "cn=admin,ou=localbranch,dc=example,dc=com"
access to dn.base="ou=localbranch,dc=example,dc=com"
    by * read
access to *
    by dn="cn=admin,ou=localbranch,dc=example,dc=com" write
    by dn="cn=admin,dc=example,dc=com" write
    by * read
subordinate
The credentials used to connect to the remote server have full read only access to the remote database.
So the problem is that when I try to authenticate using cn=admin,dc=example,dc=com, to the local database branch, I can see the bind request being transluced to the remote server without using the authz-regexp map.
Any advice is appreciated,
Hugo Monteiro.