On Wed, 2005-12-21 at 12:32 -0500, Matthew Stier wrote: > I tried the options you suggested, it simplied complained it didn't > know what the arguments meant.
You mean idassert-authzfrom "dn:.*" this is supported since 2.3 is out; only, it's not required (at least in 2.3.12-13) as it should to let anonymous connections be asserted. It will since 2.3.14. > > However, I have solved the problem. I stumbled across a referernce to > 'threads', and check my configuration script, and found that I had > turned them off, as part of a debug session for an earlier release of > OpenLDAP. I commented out the 'threads' option, and let 'configure' > figure it out automatically, and loopback is now operating. OK, that's essentially ITS#4141 <http://www.openldap.org/its/index.cgi/Build?id=4141>: proxy backends need threads when looping back because essentially each call is turned into spawning one extra thread per connection, and the active thread pool is limited by the "threads" directive. This should be noted in slapd-ldap(5) and slapd-meta(5); I'll fix them. p. Ing. Pierangelo Masarati Responsabile Open Solution OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
