Am Mon, 29 Sep 2014 00:14:55 +0200 schrieb Ferenc Wagner <[email protected]>:
> Ferenc Wagner <[email protected]> writes: > > > I've got a partial syncrepl replica, which (among others) misses the > > userPassword attributes of the provider database. I added a pbind > > overlay to the replica, which forwards binds to the provider, thus > > it became possible to do simple binds against the replica. But > > access control on the replica does not honor these binds properly: > > "by users" works, but "by self" does not. Before I waste too much > > time debugging: is it supposed to work at all? I tested this under > > 2.4.31 with: > > > > dn: olcDatabase={1}mdb,cn=config > > olcAccess: to * by > > dn.exact=gidNumber=119+uidNumber=116,cn=peercred,cn=external,cn=auth > > read by self read by * none olcSyncrepl: rid=1 [...] > > > > The external auth part works, and if I replace self with users, that > > works as well (but is not what I want). Do I expect too much? > > Hi, > > Would anybody please provide some guidance on this problem? define an authorization regular expression in order to map sasl auth string to a DN. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
