
referred bind does not pass proper DN (ITS#3264)



Full_Name: Dmitry Nechayev
Version: 2.2.13
OS: Windows/Solaris
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.49.180.254)


Configuration:
Two OpenLDAP servers (master and slave) are on Windows XP machines; the client
is on a Sparc-Solaris 2.7 machine.
The slave OpenLDAP server has a referral on a container "C" stored on the master
server. That container has a person "P" inside.

Description of the problem:
The client issues a bind request (ldap_simple_bind_s) on the slave server using
person "P"'s distinguished name. The server returns a referral containing the
LDAP URI of the master server with container "C"'s distinguished name inside
(which is correct - this is the information stored as a referral on the slave).
The client's code is set to chase referrals, so the library's code re-encodes
the request and sends it to the master server. But the distinguished name in the
bind request has changed from "P" to "C", so it is the container now that is
being authenticated at the master instead of the person. Besides, before sending
the re-encoded request, the library still sends an anonymous bind request, which
seems redundant and inappropriate in this situation.

I found no detailed description of a use case like this in the RFCs, but
logically, the behavior described above does not seem correct to me.

Could you please take a look at this problem (or is it my problem?)
Below is the printout of the mentioned interaction.
fram=172.21.10.114 - slave
192.168.8.105 - master

AUT_DBG: Do bind for cn=WCO-Person,ou=WCO,o=Genesys
USA,dc=genesyslab,dc=com:****
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP fram.us.int.genesyslab.com:5001
ldap_pvt_gethostbyname_a: host=fram.us.int.genesyslab.com, r=0
ldap_new_socket: 14
ldap_prepare_socket: 14
ldap_connect_to_host: Trying 172.21.10.114:5001
ldap_connect_timeout: fd: 14 tm: -1 async: 0
ldap_ndelay_on: 14
ldap_is_sock_ready: 14
ldap_ndelay_off: 14
ldap_open_defconn: successful
ldap_send_server_request
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: fram.us.int.genesyslab.com  port: 5001  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug  3 12:27:56 2004

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ldap_read: message type bind msgid 1, original id 1
ldap_chase_v3referrals
ldap_url_parse_ext(ldap://192.168.8.105:5001/ou=WCO,o=GenesysUSA,dc=genesyslab,dc=com)
re_encode_request: new msgid 2, new dn <ou=WCO,o=Genesys
USA,dc=genesyslab,dc=com>
re_encode_request new request is:
ber_dump: buf=0x1016b45c0 ptr=0x1016b45fd end=0x1016b559c len=61
  0000:  63 72 65 74 63 72 65 74  6b f2 60 00 00 00 01 01   cretcretk.`.....  
  0010:  6b 45 e8 00 00 00 01 01  5e f1 50 00 00 00 01 01   kE......^.P.....  
  0020:  6b 46 38 00 00 00 01 01  5e f1 20 00 00 00 01 01   kF8.....^. .....  
  0030:  6b 45 68 00 00 00 01 01  69 3f 70 00 00            kEh.....i?p..     
ldap_chase_v3referral: msgid 1, url
"ldap://192.168.8.105:5001/ou=WCO,o=GenesysUSA,dc=genesyslab,dc=com";
ldap_send_server_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.8.105:5001
ldap_new_socket: 15
ldap_prepare_socket: 15
ldap_connect_to_host: Trying 192.168.8.105:5001
ldap_connect_timeout: fd: 15 tm: -1 async: 0
ldap_ndelay_on: 15
ldap_is_sock_ready: 15
ldap_ndelay_off: 15
anonymous rebind via ldap_bind_s
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result msgid 3
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 3
wait4msg continue, msgid 3, all 1
** Connections:
* host: 192.168.8.105  port: 5001
  refcnt: 2  status: Connected
  last used: Tue Aug  3 12:27:56 2004
  rebind in progress
    queue is empty

* host: fram.us.int.genesyslab.com  port: 5001  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug  3 12:27:56 2004

** Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 1, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=3, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 3, all 1
ldap_read: message type bind msgid 3, original id 3
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 3
request 3 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ldap_msgfree
read1msg:  referral chased, mark request completed, id = 1
read1msg:  1 new referrals
wait4msg continue, msgid 1, all 1
** Connections:
* host: 192.168.8.105  port: 5001
  refcnt: 1  status: Connected
  last used: Tue Aug  3 12:27:56 2004

* host: fram.us.int.genesyslab.com  port: 5001  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug  3 12:27:56 2004

** Outstanding Requests:
 * msgid 2,  origid 1, status InProgress
   outstanding referrals 0, parent count 1
 * msgid 1,  origid 1, status Request Completed
   outstanding referrals 1, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ldap_read: message type bind msgid 2, original id 1
ldap_chase_referrals
read1msg:  V2 referral chased, mark request completed, id = 2
new result:  res_errno: 48, res_error: <>, res_matched: <>
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
merged parent (id 1) error info:  result errno 48, error <>, matched <>
request 1 done
res_errno: 48, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_request (origid 1, msgid 2)
ldap_free_connection
ldap_send_unbind
ldap_free_connection: actually freed
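
Added example, not part of the original submission or of OpenLDAP: a Python check over a libldap debug trace that reports when a chased referral re-encodes a bind request with a DN other than the one the application asked to bind as, and when an anonymous rebind precedes it. The function names, the finding fields and the space in "Genesys USA" are assumptions; the sample trace is a constructed excerpt of the printout above.

```python
import re

# Bind DN from the post's AUT_DBG line (space at the mail wrap is assumed).
BIND_DN = "cn=WCO-Person,ou=WCO,o=Genesys USA,dc=genesyslab,dc=com"

# Constructed excerpt of the trace above, DN wrapped as in the post.
SAMPLE_TRACE = """\
ldap_read: message type bind msgid 1, original id 1
ldap_chase_v3referrals
re_encode_request: new msgid 2, new dn <ou=WCO,o=Genesys
USA,dc=genesyslab,dc=com>
anonymous rebind via ldap_bind_s
ldap_read: message type bind msgid 2, original id 1
new result:  res_errno: 48, res_error: <>, res_matched: <>
"""

READ_RE = re.compile(r"ldap_read: message type (\S+) msgid (\d+)")
REENC_RE = re.compile(r"re_encode_request: new msgid (\d+), new dn <([^>]*)>")


def norm_dn(dn):
    """Loose comparison key: lowercase, collapse spaces, trim around commas."""
    dn = re.sub(r"\s+", " ", dn.strip().lower())
    return re.sub(r"\s*,\s*", ",", dn)


def audit_referred_binds(trace, bind_dn):
    """Flag bind requests whose DN changed while a referral was chased."""
    findings = []
    last_op = None  # operation type of the most recent response read
    # Rejoin a "<dn>" that a line wrap split in two before matching.
    text = re.sub(r"(<[^>\n]*)\n([^<\n]*>)", r"\1 \2", trace)
    for line in text.splitlines():
        read = READ_RE.search(line)
        reenc = REENC_RE.search(line)
        if read:
            last_op = read.group(1)
        elif reenc and last_op == "bind":
            if norm_dn(reenc.group(2)) != norm_dn(bind_dn):
                findings.append({"kind": "dn_replaced",
                                 "msgid": int(reenc.group(1)),
                                 "sent_dn": reenc.group(2)})
        elif "anonymous rebind" in line:
            findings.append({"kind": "anonymous_rebind"})
    return findings


if __name__ == "__main__":
    for finding in audit_referred_binds(SAMPLE_TRACE, BIND_DN):
        print(finding)
```

A dn_replaced finding means the credentials were presented to the referred server under the referral's DN, which matches the res_errno 48 result in the trace.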