<quote who="Pierangelo Masarati"> > Gavin Henry wrote: > >>>> I will add the 'chain-return-error TRUE' as soon as it is available >>>> in the current 2.3 'stable' release ;-) >>> It's there since 2.3.33; only the man page slipped thru, sorry. >>> Probably because man page updates were not considered a priority in >>> re23 >>> as it's feature frozen, while this was indeed a new feature. >>> >> >> Latest version of docs, with Jim's FAQ added: >> >> http://suretec.org/our_docs/overlays.html#Chaining > > Thanks Gavin. Quick note: probably in this case > chain-idassert-authzFrom "*" is not appropriate, because the consumer > should only return referrals on write, and the above statement would > allow to chain anonymous modifications, which the provider will likely > reject. Although this does not break security or anything like that, it > seems to add a needless round trip for a definitely incorrect operation, > unless someone explicitly allows anonymous modifications. I wouldn't > put this in a (basic) example, though.
Removed and link above updated. > > p. > > > > Ing. Pierangelo Masarati > OpenLDAP Core Team > > SysNet s.r.l. > via Dossi, 8 - 27100 Pavia - ITALIA > http://www.sys-net.it > --------------------------------------- > Office: +39 02 23998309 > Mobile: +39 333 4963172 > Email: [EMAIL PROTECTED] > --------------------------------------- > > >
