On 09/17/2015 09:27 AM, Raspante, Patrick wrote:
For the CA's authorization subsystem, is it possible to configure the
CA to look for users in a different DS instance than the one defined
in 'internaldb.ldapconn.host'?
I've done some initial testing changing the following settings to
point to another DS instance:
authz.instance.DirAclAuthz.ldap.basedn=<my basedn>
authz.instance.DirAclAuthz.ldap.database=<my database>
authz.instance.DirAclAuthz.ldap.ldapconn.host=myotherds
authz.instance.DirAclAuthz.ldap.ldapconn.port=389
After a restart, the CA seems to still be doing authorization queries
to the DS defined in ‘internaldb.ldapconn.host’.
Thanks,
pwr
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users

You may define a separate authz:
authz.impl.myDirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.myDirAclAuthz.ldap.basedn=<my basedn>
authz.instance.myDirAclAuthz.ldap.database=<my database>
authz.instance.myDirAclAuthz.ldap.ldapconn.host=myotherds
authz.instance.myDirAclAuthz.ldap.ldapconn.port=389
Also add:
authz.instance.myDirAclAuthz.ldap=myotherdb
and, to enroll:
processor.caProfileSubmit.authzMgr=myDirAclAuthz
M.
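A small checker for the wiring the reply describes, added here as an example; it is not code from the thread or from Dogtag. It parses CS.cfg-style key=value lines and, for every processor.<proc>.authzMgr, reports which authz instance the processor is bound to, whether that instance has an implementation class, which ldapconn.host it carries, and which of the instance keys used in the reply are missing. Assumptions: the key list is taken from the reply above rather than from Dogtag documentation; the pluginName form of declaring an instance and the sample values (localhost, dc=example,dc=com, userRoot) are constructed for the example, with myotherds, myotherdb and caProfileSubmit taken from the thread.

```python
"""
Check which authz instance each CA processor is wired to in a CS.cfg.

Added example, not code from the thread or from Dogtag. Assumption: the
key list below is the set of keys the reply in this thread sets for the
new instance, not a list from Dogtag documentation.
"""
import re
from typing import Dict, List

# Keys (relative to authz.instance.<name>.) that the reply sets. The bare
# "ldap" key is the "ldap=myotherdb" line the reply says to add on top of
# the ldap.* settings the asker had already changed.
INSTANCE_KEYS = (
    "ldap",
    "ldap.basedn",
    "ldap.database",
    "ldap.ldapconn.host",
    "ldap.ldapconn.port",
)


def parse_cs_cfg(text: str) -> Dict[str, str]:
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values may themselves contain '='
        cfg[key.strip()] = value.strip()
    return cfg


def impl_defined(cfg: Dict[str, str], name: str) -> bool:
    """True if the instance has a class: directly via authz.impl.<name>.class
    (as in the reply) or, assumed form, via authz.instance.<name>.pluginName."""
    if f"authz.impl.{name}.class" in cfg:
        return True
    plugin = cfg.get(f"authz.instance.{name}.pluginName")
    return plugin is not None and f"authz.impl.{plugin}.class" in cfg


def resolve(cfg: Dict[str, str]) -> Dict[str, dict]:
    """Map each processor to the authz instance its authzMgr names."""
    result: Dict[str, dict] = {}
    for key, mgr in cfg.items():
        m = re.fullmatch(r"processor\.([^.]+)\.authzMgr", key)
        if not m:
            continue
        prefix = f"authz.instance.{mgr}."
        result[m.group(1)] = {
            "authzMgr": mgr,
            "impl_defined": impl_defined(cfg, mgr),
            "host": cfg.get(prefix + "ldap.ldapconn.host"),
            "internaldb_host": cfg.get("internaldb.ldapconn.host"),
            "missing": [k for k in INSTANCE_KEYS if prefix + k not in cfg],
        }
    return result


def report(cfg: Dict[str, str]) -> List[str]:
    """One line per processor: OK when the instance is complete, else what is off."""
    lines: List[str] = []
    for proc, info in sorted(resolve(cfg).items()):
        mgr = info["authzMgr"]
        if not info["impl_defined"]:
            lines.append(f"ERROR {proc}: authzMgr={mgr} has no implementation class")
        elif info["missing"]:
            lines.append(f"WARN {proc}: {mgr} lacks " + ", ".join(info["missing"])
                         + f" (internaldb host is {info['internaldb_host']})")
        else:
            lines.append(f"OK {proc}: {mgr} -> {info['host']}")
    return lines


# Constructed sample: the asker's attempt, which only re-points the stock
# DirAclAuthz instance while the processor stays bound to it.
BEFORE_CFG = """
internaldb.ldapconn.host=localhost
internaldb.ldapconn.port=389
authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.DirAclAuthz.pluginName=DirAclAuthz
authz.instance.DirAclAuthz.ldap.basedn=dc=example,dc=com
authz.instance.DirAclAuthz.ldap.database=userRoot
authz.instance.DirAclAuthz.ldap.ldapconn.host=myotherds
authz.instance.DirAclAuthz.ldap.ldapconn.port=389
processor.caProfileSubmit.authzMgr=DirAclAuthz
"""

# Constructed sample: the wiring from the reply, a second instance bound to
# the enrollment processor.
AFTER_CFG = """
internaldb.ldapconn.host=localhost
internaldb.ldapconn.port=389
authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.DirAclAuthz.pluginName=DirAclAuthz
authz.impl.myDirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.myDirAclAuthz.ldap=myotherdb
authz.instance.myDirAclAuthz.ldap.basedn=dc=example,dc=com
authz.instance.myDirAclAuthz.ldap.database=userRoot
authz.instance.myDirAclAuthz.ldap.ldapconn.host=myotherds
authz.instance.myDirAclAuthz.ldap.ldapconn.port=389
processor.caProfileSubmit.authzMgr=myDirAclAuthz
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE_CFG), ("after", AFTER_CFG)):
        print(label)
        for line in report(parse_cs_cfg(text)):
            print("  " + line)
```

The checker only verifies that the keys are present and that the processor names a defined instance; it does not know what the ldap= line resolves to inside the CA, so a clean "OK" still needs to be confirmed against the DS access log on myotherds after the restart.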