
Re: slapd gets into a spin when using {SASL} password scheme (ITS#3048



> On further reflection, this callback probably should never have been here in
> the first place. I vaguely recall the question arising on -devel a long time
> ago but I can't locate the thread at the moment. The sasl_checkpass function
> is only called for a plaintext authentication. The only possibility for that
> is doing a Simple Bind with {SASL} or doing a SASL Bind with PLAIN. In the
> Simple Bind case, we really have nothing to do here. In the SASL Bind case,
> the slapd auxprop should take care of it. I think the fix is to delete the
> slap_sasl_checkpass function and its associated code.

I'll also note that even for SASL/PLAIN, slap_sasl_checkpass() buys you
nothing unless the access control lists allow anonymous searches for
whatever part of the directory space the `sasl-regexp' evaluates to,
since at this stage the connection is still (or again) necessarily
un-authenticated.

-pk