Page created: 4 Feb 2020
|
Page updated: 22 Jul 2020
To illustrate how the proxied authorization operational attributes work, it is best to set up a
simple example where two LDAP clients, uid=clientApp1
and
uid=clientApp2
can freely proxy two administrator accounts,
uid=admin1
and uid=admin2
. We will add the
ds-auth-may-proxy-as-*
and the ds-auth-is-proxyable-*
attributes to these entries to restrict how each account can use proxied authorization. For
example, the two client applications will continue to proxy the uid=admin1
account but the uid=admin2
account will no longer be able to be used as a
proxied entry.