[Pki-users] DirAclAuthz host configuration
Marc Sauton
msauton at redhat.com
Thu Sep 17 17:36:51 UTC 2015
On 09/17/2015 09:27 AM, Raspante, Patrick wrote:
>
> For the CA’s authorization subsystem, is it possible to configure the
> CA to look for users in a different DS instance than the one defined
> in ‘internaldb.ldapconn.host’?
>
> I’ve done some initial testing changing the following settings to
> point to another ds instance:
>
> authz.instance.DirAclAuthz.ldap.basedn=<my basedn>
> authz.instance.DirAclAuthz.ldap.database=<my database>
> authz.instance.DirAclAuthz.ldap.ldapconn.host=myotherds
> authz.instance.DirAclAuthz.ldap.ldapconn.port=389
>
> After a restart, the CA seems to still be doing authorization queries
> to the DS defined in ‘internaldb.ldapconn.host’.
>
> Thanks,
>
> pwr

You may define a separate authz:

authz.impl.myDirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.myDirAclAuthz.ldap.basedn=<my basedn>
authz.instance.myDirAclAuthz.ldap.database=<my database>
authz.instance.myDirAclAuthz.ldap.ldapconn.host=myotherds
authz.instance.myDirAclAuthz.ldap.ldapconn.port=389

Also add:

authz.instance.myDirAclAuthz.ldap=myotherdb

And to enroll:

processor.caProfileSubmit.authzMgr=myDirAclAuthz

M.
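
A check to run over CS.cfg after the change described in the reply above, added here as an example (not code from the thread or from the PKI project): it lists every processor.*.authzMgr entry with the authz instance it names and that instance's own ldapconn.host, so a processor still bound to an instance without a separate host stands out. The sample configuration is constructed; the internaldb values, the basedn and database values, the DirAclAuthz ldap line and the caProfileProcess line are assumptions for illustration.

```python
import re

# Constructed sample: keys as written in the thread, values are placeholders.
SAMPLE_CS_CFG = """\
internaldb.ldapconn.host=localhost
internaldb.ldapconn.port=389
authz.impl.myDirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.myDirAclAuthz.ldap.basedn=dc=example,dc=com
authz.instance.myDirAclAuthz.ldap.database=exampledb
authz.instance.myDirAclAuthz.ldap.ldapconn.host=myotherds
authz.instance.myDirAclAuthz.ldap.ldapconn.port=389
authz.instance.myDirAclAuthz.ldap=myotherdb
authz.instance.DirAclAuthz.ldap=internaldb
processor.caProfileSubmit.authzMgr=myDirAclAuthz
processor.caProfileProcess.authzMgr=DirAclAuthz
"""

def parse_cfg(text):
    """Parse key=value lines; only the first '=' separates key from value."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg

def audit_authz(cfg):
    """Map each processor to its authz manager and the LDAP host that manager sets."""
    internal = cfg.get("internaldb.ldapconn.host")
    report = {}
    for key, mgr in cfg.items():
        m = re.fullmatch(r"processor\.(.+)\.authzMgr", key)
        if not m:
            continue
        prefix = f"authz.instance.{mgr}.ldap"
        host = cfg.get(f"{prefix}.ldapconn.host")
        report[m.group(1)] = {
            "authzMgr": mgr,
            "ldap_ref": cfg.get(prefix),   # value of authz.instance.<mgr>.ldap
            "own_host": host,              # None when the instance sets no host
            "separate_host": host is not None and host != internal,
        }
    return report

if __name__ == "__main__":
    for proc, info in audit_authz(parse_cfg(SAMPLE_CS_CFG)).items():
        print(proc, info)
```

The script reports only what the file says; which directory the CA actually queries still has to be confirmed from the DS access logs after a restart.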