Ed Greenberg <[EMAIL PROTECTED]> wrote:

> overlay chain
> chain-rebind-as-user FALSE
>
> chain-uri "ldap://master.mydomain.com"
> chain-rebind-as-user TRUE
> chain-idassert-bind bindmethod="simple"
>     binddn="cn=Manager,dc=mydomain,dc=com"
>     credentials="secret"
>     mode="self"
I have this on the slave. The cn=foo is a bug workaround for getting it
working with certificates:

overlay chain
chain-uri ldaps://ldapmaster.example.net
chain-idassert-bind bindmethod=sasl
    saslmech=EXTERNAL
    binddn="cn=foo"
    mode=self
chain-idassert-authzFrom "*"
chain-return-error TRUE

On the master, the authz-regexp maps the CN from the certificate to a DN
in the tree:

authz-policy to
authz-regexp cn=ldapslave1.example.net cn=ldapslave1.example.net,o=example
(...)
access to attrs=authzTo
    by * read stop

And finally, in the LDAP tree:

dn: cn=ldapslave1.example.net,o=example
authzTo: *

It did work with 2.3 but seems broken in 2.4. The slave accepts the
client's connection, but when it attempts to do the modification:

modifying entry "uid=foo,o=example"
ldap_modify: Authentication method not supported (7)

Any hint appreciated

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
[EMAIL PROTECTED]
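The two master-side pieces in the post (authz-regexp mapping the certificate identity to an entry, and authz-policy "to" consulting that entry's authzTo before the slave may assert a client's identity) are easy to get subtly wrong, so here is a small Python emulation of that decision, added as an illustration; it is not OpenLDAP code and does not model the chain overlay's bind or the error 7 itself. Assumptions: the regex is searched case-insensitively and unanchored against the authentication DN, only the "*" and "dn:<exact DN>" forms of authzTo are handled, DNs are compared by lowercasing, the directory contents and the second rule with a $1 capture group are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the master's authz-regexp rules. The first rule is
# the one from the post (dots escaped so they match literally; unescaped, as
# written in the post, "." also matches any character). The second rule is an
# added generalisation: the capture group is referenced as $1 in the
# replacement, as slapd's authz-regexp replacement syntax allows.
AUTHZ_REGEXP: List[Tuple[str, str]] = [
    (r"cn=ldapslave1\.example\.net", "cn=ldapslave1.example.net,o=example"),
    (r"cn=(ldapslave[0-9]+)\.example\.net", "cn=$1.example.net,o=example"),
]

# Constructed stand-in for the directory: only the attributes the check needs.
# Keys are lowercase; lookups lowercase the DN (a simplification of LDAP DN
# matching).
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=ldapslave1.example.net,o=example": {"authzTo": ["*"]},
    "cn=ldapslave2.example.net,o=example": {"authzTo": ["dn:uid=foo,o=example"]},
    "uid=foo,o=example": {},
    "uid=bar,o=example": {},
}


def map_authc_identity(authc_dn: str, rules=AUTHZ_REGEXP) -> Optional[str]:
    """Apply the authz-regexp rules in order; the first matching rule wins.
    Matching is an unanchored, case-insensitive search (an assumption of this
    emulation). Returns the mapped DN, or None when no rule matches."""
    for pattern, replacement in rules:
        m = re.search(pattern, authc_dn, flags=re.IGNORECASE)
        if m:
            # Turn slapd-style $1..$9 into Python backreferences, then expand.
            template = re.sub(r"\$([1-9])", r"\\\1", replacement)
            return m.expand(template)
    return None


def authz_to_permits(authz_dn: str, requested_dn: str,
                     directory=DIRECTORY) -> bool:
    """authz-policy to: read the *authenticated* identity's entry and check
    whether one of its authzTo values permits the requested identity.
    Only "*" (anyone) and "dn:<exact DN>" are emulated here."""
    entry = directory.get(authz_dn.lower())
    if entry is None:
        return False
    for value in entry.get("authzTo", []):
        if value == "*":
            return True
        if value.lower().startswith("dn:") and value[3:].lower() == requested_dn.lower():
            return True
    return False


def proxy_authz(authc_dn: str, requested_dn: str) -> Tuple[bool, str]:
    """Whole decision: map the SASL EXTERNAL identity (certificate subject)
    with authz-regexp, then consult authzTo on the mapped entry.
    Returns (allowed, reason)."""
    mapped = map_authc_identity(authc_dn)
    if mapped is None:
        return False, "no authz-regexp rule matched %r" % authc_dn
    if requested_dn.lower() not in DIRECTORY:
        return False, "requested identity %r does not exist" % requested_dn
    if authz_to_permits(mapped, requested_dn):
        return True, "%s may act as %s" % (mapped, requested_dn)
    return False, "%s has no authzTo value for %s" % (mapped, requested_dn)


if __name__ == "__main__":
    # Constructed certificate subject DNs, as a SASL EXTERNAL bind would present them.
    for subject, target in [
        ("cn=ldapslave1.example.net,o=Example,c=FR", "uid=foo,o=example"),
        ("cn=ldapslave2.example.net,o=Example,c=FR", "uid=foo,o=example"),
        ("cn=ldapslave2.example.net,o=Example,c=FR", "uid=bar,o=example"),
        ("cn=rogue.example.net,o=Example,c=FR", "uid=foo,o=example"),
    ]:
        ok, why = proxy_authz(subject, target)
        print("ALLOW" if ok else "DENY ", why)
```

The run shows the two outcomes worth checking on a real master: an identity that no authz-regexp rule maps is refused before authzTo is even consulted, and an entry whose authzTo lists specific DNs rather than "*" is limited to exactly those identities. ldapwhoami with -Y EXTERNAL against the master is the usual way to confirm which DN the certificate actually maps to before chasing the chain overlay.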