Hi,
I have a question about a special LDAP setup. I am trying to use the sock backend to bind a user who, after a successful bind, has to search on another backend.
Here is my slapd.conf on OpenLDAP 2.4.11:

access to * by users read

##################BACKEND SOCK#################################################
database sock
suffix "dc=reg-bus-users-local,dc=it"
# I capture the requests rewritten by rwm, blocking direct read and write requests
socketpath /tmp/ldapauthorization.sock

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=tfk,dc=tfkdatastore"
rootdn "cn=Root,dc=tfk,dc=tfkdatastore"
rootpw xxxxx

I also made a fake bind in the server listening on the socket ldapauthorization.sock:

if ($request eq "BIND\n") {
    my %req = ();
    # Fake bind: always answers success, the credentials are not checked
    print "RESULT\n";
    print "code: 0\n";
    print "matched: cn=fratbrother,dc=reg-bus-users-local,dc=it\n";
}

My ldapsearch is:

ldapsearch -H ldap://localhost:389/ -D "cn=fratbrother,dc=reg-bus-users-local,dc=it" -w xxxx -x -b "dc=tfk,dc=tfkdatastore" "(objectClass=*)" "*"

Result:

ldap_bind: Insufficient access (50)

My goal, if it works, is to make bind = (bind + search attribute) on another LDAP server, check the validity of the attribute, and then respond with a successful bind; that is, a redirected bind with a check on a remote attribute. Is it possible to do that? Is this the right usage of the sock backend?

PS: I also noted that LDAP does not connect to the socket but responds directly with "insufficient access".
PS: Sorry for the bad English.

Thanks in advance,
Stefano Vitali
openldap-technical@openldap.org
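
The socket side of the bind described in the message above, as an added example that is not part of the original post: it parses a BIND request in the layout given in slapd-sock(5) and answers code 0 only when a credential check passes, instead of unconditionally. The names parse_bind, handle, demo_check and DEMO_USERS are hypothetical, and the sample request and its password are constructed.

```python
import hmac

LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS, LDAP_UNWILLING_TO_PERFORM = 0, 49, 53

# Constructed sample of a simple-bind request as laid out in slapd-sock(5);
# the password is made up.
SAMPLE_BIND = (
    b"BIND\nmsgid: 1\n"
    b"suffix: dc=reg-bus-users-local,dc=it\n"
    b"dn: cn=fratbrother,dc=reg-bus-users-local,dc=it\n"
    b"method: 128\ncredlen: 6\ncred: s3cret\n\n"
)

def parse_bind(raw):
    """Return (dn, credentials) for a BIND request, or None for anything else."""
    head, sep, rest = raw.partition(b"\ncred: ")
    lines = head.split(b"\n")
    if lines[0] != b"BIND" or not sep:
        return None
    fields = dict(l.split(b": ", 1) for l in lines[1:] if b": " in l)
    try:
        n = int(fields[b"credlen"])
        dn = fields[b"dn"].decode()
    except (KeyError, ValueError):
        return None
    # Slice by credlen: the password is raw bytes and may contain newlines.
    return (dn, rest[:n]) if len(rest) >= n else None

def result(code, info=""):
    """Build a RESULT block, closed here with a blank line."""
    body = f"RESULT\ncode: {code}\n" + (f"info: {info}\n" if info else "")
    return body.encode() + b"\n"

def handle(raw, check):
    """check(dn, cred) -> bool is a hypothetical hook, e.g. the remote attribute test."""
    parsed = parse_bind(raw)
    if parsed is None:
        return result(LDAP_UNWILLING_TO_PERFORM, "only BIND is handled")
    dn, cred = parsed
    # Never answer code 0 unconditionally; an empty password is refused too.
    if cred and check(dn, cred):
        return result(LDAP_SUCCESS)
    return result(LDAP_INVALID_CREDENTIALS)

# Constructed user store standing in for the real check.
DEMO_USERS = {"cn=fratbrother,dc=reg-bus-users-local,dc=it": b"s3cret"}

def demo_check(dn, cred):
    return hmac.compare_digest(DEMO_USERS.get(dn, b""), cred)

if __name__ == "__main__":
    print(handle(SAMPLE_BIND, demo_check).decode())
```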