Re: ACL problem -- user accessing own password

[Jan-Michael Ong <jmong@adobe.com>]

Hi Christine,

I'd be interested in your solution since this is the problem I am also 
faced with when binding to the slave. I would bind as root to the slave and 
get an LDAP_REFERRAL (10) and my code wouldn't know what to do with it. I 
had though that I was rebinding to the master "anonymously" but as one 
person pointed out my client must be smart enough to rebind again with the 
new information from the referral. I'm using Perldap as the backend to do 
the webgui/ldap admin stuff. So if you can figure out of coding a smart 
client of handling this or even an API that'll be great.

Any news will be greatly appreciated.

Thanks

jan-michael ong


At 11:37 AM 3/7/2002 +1100, you wrote:
> Hi John,
>         Thanks for your suggestion re checking the binding.  I have
> now worked out what's happening, though I'm not sure if LDAP
> is doing the right thing or not.  It's due to our setup --
> dc=cordoors,dc=com in one directory with refs to dc=au,dc=cordoors,dc=com
> dc=xx,dc=cordoors,dc=com ... which are in separate directories.
>
> I am binding fine as me to begin with, but the bind id gets
> lost along the way of chasing the references, so that when
> it comes to actually getting the record values, it's effectively
> anonymous.  Even for the root DN.  I don't know if this is
> a bug or not, so I'll ask the list.
>
> Dammit, I *knew* my inital bind was OK, 'cause I was getting
> the expected results for wrong passwords etc.  Didn't occur
> to me the bind might break along the way.
>
> --Chris Robertson