----- "Yeargan Yancey" <[EMAIL PROTECTED]> wrote:
> My goal is to configure OpenLDAP as a proxy to provide e-mail
> addresses to the public (via anonymous simple binds) using an LDAP
> back-end which requires authenticated simple binds.
>
> Public access to this server will be anonymous only and read-only. All
> non-anonymous bind attempts are transformed to anonymous using
> authz-regexp ".+" "dn:".
>
> However, I need all binds to the back-end LDAP service to use a
> specific account. I've looked at the docs and the list archives for
> information related to "idassert-bind" but I'm not understanding it
> well enough.
>
> I tried this ...
>
> idassert-authzFrom "dn:*"
> idassert-bind bindmethod="simple"
>               binddn="cn=info,o=org"
>               credentials="password"
>
> but that does not seem to be working for me. I'm getting anonymous
> binds on the back-end. Is it possible to do what I'm asking? If so,

you're missing the "mode=none" parameter.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   [EMAIL PROTECTED]
-----------------------------------
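
The configuration from the question with the suggested parameter applied, as an added example that is not part of the original thread. The `database`, `suffix`, `uri` and `readonly` lines and the back-end host name are assumptions filled in to make the fragment complete; only the `idassert-*` directives and `mode=none` come from the messages above.

```conf
# slapd.conf fragment for a back-ldap proxy (added example).
# Assumed: suffix and back-end URI; adjust to the real deployment.
database        ldap
suffix          "o=org"
uri             "ldap://backend.example.org"

# The public side is anonymous and read-only, as described in the question.
readonly        on

# As posted in the question (reported as producing anonymous binds on the back-end):
#
#   idassert-authzFrom "dn:*"
#   idassert-bind bindmethod="simple"
#                 binddn="cn=info,o=org"
#                 credentials="password"

# With the parameter from the reply. Per slapd-ldap(5), mode=none means no
# proxyAuthz control is used, so back-end operations run as binddn itself.
idassert-authzFrom "dn:*"
idassert-bind   bindmethod="simple"
                binddn="cn=info,o=org"
                credentials="password"
                mode=none

# The service-account password is stored in clear text here: keep this file
# readable only by the slapd user, and give cn=info,o=org read-only rights
# on the back-end limited to the attributes meant for publication.
```

To confirm the change, watch the back-end server's log while running an anonymous search against the proxy: the bind should now show `cn=info,o=org` instead of an empty DN.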