On Thursday 20 Aug 2009 13:10:42 Mrugesh Karnik wrote:
> When I send an update request, the slave binds with the master with
> proper credentials but the ACI evaluation fails on the master. From the ACI
> logs on the master, it seems to me that the master evaluates the ACIs for
> the multiplexor bind dn rather than for the original user identity. This
> leads me to believe that somehow, proxy authentication is not happening.
> How do I solve this problem?

Upon further investigation, it turns out that chain on update works perfectly
for attributes other than userPassword. For userPassword, the
nsmultiplexorbinddn is directly considered for ACI evaluation rather than the
proxy bind dn.