[Date Prev][Date Next] [Chronological] [Thread] [Top]

Referral (ITS#531)

Full_Name: David Gress
Version: openldap-1.2.9
OS: Sun 5.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

* I am using a "Supplier initiated agreement" to update a replication database. 

* The replication database (consumer) is pointed to by the app. 
    User attempts to change password but fails on authorization.
* Authorization to the "Supplier" database is "Anonymous", no write allowed
* Bind DN not being passed on referral causing the "Anonymous" Access Control

   ldapmodify -D "cn=Directory Manager" -p389 -h sgi-supptm1 -w test123 -f

..ldap access log (test with ldapmodify across the "supplier" database)

[11/May/2000:12:16:02 -0400] conn=0 fd=63 slot=63 connection from
[11/May/2000:12:16:02 -0400] conn=0 op=0 BIND dn="" method=128 version=2
[11/May/2000:12:16:02 -0400] conn=0 op=0 RESULT err=0 tag=97 nentries=0
[11/May/2000:12:16:02 -0400] conn=0 op=1 MOD 
[11/May/2000:12:16:02 -0400] conn=0 op=1 RESULT err=50 tag=103 nentries=0
[11/May/2000:12:16:03 -0400] conn=0 op=2 UNBIND
[11/May/2000:12:16:03 -0400] conn=0 op=2 fd=63 closed

This results in :

[11/May/2000:12:16:02 -0400] access denied on
dentifier=CiscoTest#0000000005550001,o=CiscoTest,c=US, password, rv:50)
[11/May/2000:12:16:02 -0400] => send_ldap_result 50::Insufficient 'write'
privilege t
o the 'password' attribute of entry

Downloaded and tested Netscape SDK and it works correctly.