[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldap proxy to AD returns no results - take#2

To: <tim.lank@bearingpoint.com>
Subject: RE: ldap proxy to AD returns no results - take#2
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Wed, 14 Apr 2004 12:05:50 +0200 (CEST)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <3D564E73B6DF994EBABD985F4469D5396D7077@kccxoex06.corp.kpmgconsu
References: <3D564E73B6DF994EBABD985F4469D5396D7077@kccxoex06.corp.kpmgconsu

> Thanks again Pierangelo.
>
> So what you are saying if I'm not mistaken is that the examples on pages
> 210-213 (most specifically p. 212) of Gerald Carter's O'reilly book on
> LDAP System Administration should not actually work and that is how
> back-ldap is designed?

I don't have that book at hand, so I won't make any public statement about
him being wrong or right ;)

This is my understanding of the code.  I would hardly believe any OpenLDAP
portion of code is designed to take a specific administrative identity on
behalf of anonymous.  I know it does for internal purposes, that is on
behalf of the proxy DSA with respect to the remote DSA; I also know (I
personally coded something about it) that portions of OpenLDAP code take a
specific identity of authenticated users (e.g. proxyAuthz control in
back-ldap) if instructed to do so.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

Prev by Date: RE: ldap proxy to AD returns no results - take#2
Next by Date: Re: ldap problem
Index(es):
- Chronological
- Thread