[please keep replies on the list] On Mon, 2005-12-12 at 13:38 +0800, William wrote: > > On Fri, 2005-12-09 at 13:33 +0800, Zhang Zhi Wei wrote: > > > > I have no clue right now about your issue; I'd like to point out that I > > spotted a bug in slapd-ldap/slapo-chain which fixed a proxyAuthz issue. > > This was released as of OpenLDAP 2.3.13 and went unnoticed (my fault; > > I've posted a separate, late ITS#4256). > > > > > >>consumer: > >>overlay chain > >>chain-uri ldap://master > >>chain-acl-bind bindmethod=simple > >> binddn="cn=Manager,dc=com" > >> credentials=secret > > > > > > This configuration is incorrect. You need to configure the chain > > overlay using the idassert, not the acl bind. The acl bind used to work > > because of the above bug. The correct configuration is > > > > overlay chain > > chain-uri ldap://master > > chain-idassert-bind bindmethod=simple > > binddn="cn=Manager,dc=com" > > credentials=secret > > mode=self > > I have changed the config , but it seems have no effect, > I have tried both 2.3.12 and 2.3.13, they are the same.
Perhaps my message was not clear enough: this is __not__ going to solve your issue, but in any case you need to use the __second__ form (chain- idassert-bind), because the other one only worked because of a bug in the software which was fixed in 2.3.13. p. Ing. Pierangelo Masarati Responsabile Open Solution SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
