[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6296) Strong bind doesn't work in slapd-ldap when used by slapd-relay or slapo-translucent

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6296) Strong bind doesn't work in slapd-ldap when used by slapd-relay or slapo-translucent
From: mrubas@kerio.com
Date: Fri, 18 Sep 2009 16:41:46 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

This is a multi-part message in MIME format.
--------------070504020207040208060908
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

So far, it seems to be working. Good job, thanks.

It was not easy to get fresh binary because I had to manage compilation 
with MSVC but that's another issue (ssl3_send_alert() in ITS#1955 & 
ITS#1954).

Thanks again,
M.

masarati@aero.polimi.it wrote:
>> I have to use slapd-ldap in "strong bind" mode which means that user
>> binds using its own credentials and no identity assertion is performed.
>> If slapd-ldap is the only module that is processing request then
>> everything works fine. If slapd-ldap is processing an request forwarded
>> from slapd-relay (with slapo-rwm) or request to database with
>> slapo-translucent then the authentication problem occurs.
>>     
> The solution was a little less intrusive than the one you proposed, but
> your analysis was just fine and definitely effective in pointing me to the
> core of the issue.  It should now be fixed in HEAD, please test.
>
> servers/slapd/back-ldap/bind.c
> new revision: 1.255; previous revision: 1.254
>
> Thanks, p.
>   

--------------070504020207040208060908
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=windows-1252"
 http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
So far, it seems to be working. Good job, thanks.<br>
<br>
It was not easy to get fresh binary because I had to manage compilation
with MSVC but that's another issue (ssl3_send_alert() in ITS#1955 &amp;
ITS#1954).<br>
<br>
Thanks again,<br>
M.<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:masarati@aero.polimi.it";>masarati@aero.polimi.it</a> wrote:
<blockquote
 cite="mid:38264.93.149.38.238.1253215000.squirrel@www.aero.polimi.it"
 type="cite">
  <blockquote type="cite">
    <pre wrap="">I have to use slapd-ldap in "strong bind" mode which means that user
binds using its own credentials and no identity assertion is performed.
If slapd-ldap is the only module that is processing request then
everything works fine. If slapd-ldap is processing an request forwarded
from slapd-relay (with slapo-rwm) or request to database with
slapo-translucent then the authentication problem occurs.
    </pre>
  </blockquote>
  <pre wrap=""><!---->The solution was a little less intrusive than the one you proposed, but
your analysis was just fine and definitely effective in pointing me to the
core of the issue.  It should now be fixed in HEAD, please test.

servers/slapd/back-ldap/bind.c
new revision: 1.255; previous revision: 1.254

Thanks, p.
  </pre>
</blockquote>
</body>
</html>

--------------070504020207040208060908--

Prev by Date: Re: (ITS#6298) ldapsearch hangs after ldapadd
Next by Date: (ITS#6299) Support for RFC 4529 in slapo-allowed
Index(es):
- Chronological
- Thread