
(ITS#3876) normalization of generated credentials when using ldapi



Full_Name: Pierangelo Masarati
Version: HEAD
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (81.72.89.40)
Submitted by: ando


In daemon.c, when using ldapi, the identity of the peer was being set to

    uidnumber=<uid>+gidnumber=<gid>,cn=peercred,cn=external,cn=auth

without normalizing it through the dnNormalize routine; however, slapd would have
normalized it this way

    gidNumber=<gid>+uidNumber=<uid>,cn=peercred,cn=external,cn=auth

note the differences in the order and case of the AVAs.

I suggest the latter normalized form is used, to avoid some inconsistencies e.g.
in ACLs and in authz-regexp rules (note that a direct comparison between the
generated and a normalized value would be impossible).

I've patched HEAD to produce the new, consistent behavior; I realize this is
going to break many existing configurations, so it wouldn't be acceptable,
unless we consider that 2.3 is only close to its second release as general use.

Please back out if unacceptable, or suggest the appropriate means for advertising
the change (other than searching the ITS).

p.
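
An added example, not part of the original report and not OpenLDAP code: a small audit script that finds configuration rules written against the old generated identity and rewrites them to the normalized form quoted above. The function names, the sample rules and the dc=example,dc=com entries are constructed for illustration.

```python
import re

# Pre-change peercred identity: uidNumber AVA first, then gidNumber, any case.
# The '+' may be backslash-escaped because authz-regexp patterns are regexes.
LEGACY = re.compile(
    r'uidnumber=(?P<uid>[^,\s"]+?)(?P<plus>\\?\+)gidnumber=(?P<gid>[^,\s"]+?)'
    r'(?P<suffix>,cn=peercred,cn=external,cn=auth)',
    re.IGNORECASE,
)


def rewrite(line):
    """Return (new_line, regroup) for one configuration line.

    new_line uses the normalized AVA order and case from the report. regroup is
    True when both values contain capture groups: swapping them renumbers the
    groups, so $1/$2 in the replacement string need a manual check.
    """
    m = LEGACY.search(line)
    if m is None:
        return line, False
    fixed = "gidNumber={gid}{plus}uidNumber={uid}{suffix}".format(**m.groupdict())
    regroup = "(" in m["uid"] and "(" in m["gid"]
    return line[:m.start()] + fixed + line[m.end():], regroup


def audit(config_text):
    """Return (line_number, rewritten_line, regroup) for each legacy reference."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        new_line, regroup = rewrite(line)
        if new_line != line:
            findings.append((number, new_line, regroup))
    return findings


# Constructed sample rules (assumption, not from the report).
SAMPLE = "\n".join([
    r'authz-regexp "uidnumber=0\+gidnumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,dc=example,dc=com"',
    r'access to * by dn.exact="uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth" write',
    r'access to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write',
    r'authz-regexp "uidnumber=([0-9]+)\+gidnumber=([0-9]+),cn=peercred,cn=external,cn=auth" "uid=$1,ou=people,dc=example,dc=com"',
])

if __name__ == "__main__":
    for number, new_line, regroup in audit(SAMPLE):
        note = "  # check $1/$2 numbering" if regroup else ""
        print(f"line {number}: {new_line}{note}")
```

The third sample rule already uses the normalized form and is left alone; the fourth is flagged because its `$1` would refer to the gid capture after the swap.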