Monday, May 24, 2010

openldap replication with chain overlay

Provider's global
------------------------
authz-policy to



Consumer's global
-----------------------------------------
overlay chain
chain-uri ldaps://ldapvip.prv.sjc1.yahweh.net

# continuation lines of a directive must start with whitespace
chain-idassert-bind bindmethod=simple
  binddn="uid=slaveuser,cn=special,o=yahweh"
  credentials=yahwehdisciple
  mode=self
chain-return-error TRUE
chain-idassert-authzFrom *


One more thing on the provider: add the following to the LDAP database.
------------------------------
dn: uid=slaveuser,cn=special,o=yahweh
changetype: modify
add: authzTo
authzTo: dn.regex:^uid=[^,]+,cn=people,o=yahweh$
authzTo: dn.exact:uid=slaveuser,cn=special,o=yahweh
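
To check which identities these authzTo values let slaveuser assume, the two rules can be evaluated offline against candidate DNs. This is an added example, not part of the original post; the function names, the sample DNs and the simplified DN normalization (lowercasing, no handling of escaped commas) are assumptions, and slapd's own matching remains the reference.

```python
import re

# authzTo values copied from the LDIF on this page.
AUTHZ_TO = [
    "dn.regex:^uid=[^,]+,cn=people,o=yahweh$",
    "dn.exact:uid=slaveuser,cn=special,o=yahweh",
]

def normalize_dn(dn):
    """Simplified normalization (assumption): lowercase, trim spaces around RDNs and '='."""
    rdns = []
    for rdn in dn.split(","):  # does not handle escaped commas
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip()}={value.strip()}")
    return ",".join(rdns).lower()

def may_assume(target_dn, rules=AUTHZ_TO):
    """Return the first rule that authorizes acting as target_dn, or None."""
    target = normalize_dn(target_dn)
    for rule in rules:
        kind, _, value = rule.partition(":")
        if kind == "dn.exact" and target == normalize_dn(value):
            return rule
        # Modelled as an unanchored search, so the ^...$ anchors in the rule matter.
        if kind == "dn.regex" and re.search(value, target, re.IGNORECASE):
            return rule
    return None

def audit(dns, rules=AUTHZ_TO):
    """Map each candidate DN to the rule that allows it (None = denied)."""
    return {dn: may_assume(dn, rules) for dn in dns}

# Constructed sample DNs for illustration only.
SAMPLE_DNS = [
    "UID=Alice, cn=people, o=yahweh",             # ordinary user entry
    "uid=slaveuser,cn=special,o=yahweh",          # the proxy identity itself
    "uid=bob,ou=contractors,cn=people,o=yahweh",  # extra RDN: [^,]+ stops at the comma
    "uid=root,cn=special,o=yahweh",               # other special account
    "cn=Manager,o=yahweh",                        # not a uid= entry
]

if __name__ == "__main__":
    for dn, rule in audit(SAMPLE_DNS).items():
        print(f"{'ALLOW' if rule else 'DENY ':5}  {dn}  <- {rule}")
```

Only direct children of cn=people with a uid RDN, plus slaveuser itself, come back as allowed; anything else under cn=special or elsewhere in the tree is denied.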
