[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ITS#6661 (Was: FW: (6661))

To: openldap-its@OpenLDAP.org
Subject: RE: ITS#6661 (Was: FW: (6661))
From: masarati@aero.polimi.it
Date: Thu, 30 Sep 2010 12:29:25 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Should be fine now.  The whole thing originated from the fact that
be_rootdn_bind() was passed a NULL SlapReply* without handling results
accordingly.  Thanks, p.

> Yes it is fixed,
>
> But in your fix, only the rootpw password works. If we have the rootdn
> also as a dn stored inside the ldap tree then openldap does not tries to
> bind to the dn of the tree if the rootpw is incorrect
>
> if we use the same code segment of bind.cpp written for back-bdb which is:
>
> 	/* allow noauth binds */
> 	switch ( be_rootdn_bind( op, NULL ) ) {
> 	case LDAP_SUCCESS:
> 		/* frontend will send result */
> 		return rs->sr_err;
> 	default:
> 		break;
> 	}
> And the rootpw is not matched, then slapd will continue to search the ldap
> tree and if it finds a dn and its userPassword matches, then it
> authenticates. If an appropriate dn / password is not found in the tree,
> then it throughs the invalid credentials error.
>
> Maybe the bind-dbd way is more correct?
>
>

Prev by Date: Re: (ITS#6660) paged result searches fail to deallocate memory until slapd shutdown
Next by Date: Re: (ITS#6660) paged result searches fail to deallocate memory until slapd shutdown
Index(es):
- Chronological
- Thread