[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4715) proxy retries anonymously

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4715) proxy retries anonymously
From: hyc@symas.com
Date: Wed, 18 Oct 2006 19:05:55 GMT

The proxycache has nothing to do with the connections to the remote 
server. That's handled by the back-ldap or whatever backend you're 
using. Since you haven't provided any of the relevant config info from 
your slapd.conf there's no way to tell what you're doing there.

In fact your log shows that a Bind was performed on the retry, but it 
was done anonymously. So it may be something as simple as a missing 
config keyword (like rebind-as-user in back-ldap). Or it may possibly be 
related to a bug in back-ldap's retry handling as Pierangelo mentioned 
in his reply to you.

There is no proxycache bug here. At the moment, without further details, 
it doesn't seem there's any OpenLDAP software bug here at all.

Ashish Gawarikar wrote:
> 
> ------------------------------------------------------------------------
> 
> The problem is that the connection to the backend server drops and the proxy
> cache has to reestablish it. Doing this, it doesn't do a BIND again and thus
> the query is executed with anonymous privileges and fails. See log file from
> the backend server:

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: Re: (ITS#4715) Proxy cache TTL does not seem to be working as documented
Next by Date: Re: (ITS#4707) patch: option to bind client socket to an address
Index(es):
- Chronological
- Thread