Re: (ITS#3845) support for SASL binds with plaintext rootpw



Well, the patch is fine (I'd add a descriptive comment to it) but in 
general, slurpd should not be binding with the rootdn.

We can probably add this to HEAD/RE23; I'm not sure it's eligible for RE22.

townsend@opendarwin.org wrote:
> Full_Name: Jason Townsend
> Version: 2.2.19 and HEAD
> OS: 10.4.1
> URL: http://www.opendarwin.org/~jtownsend/patches/rootpwsasl/servers-slapd-sasl.patch
> Submission from: (NULL) (24.7.116.24)
>
>
> If there is a plaintext rootpw configured, then it is possible to hand that to
> SASL through the auxprop callback in order to allow a SASL bind against that
> account to work. In Mac OS X Server/Open Directory this is used to allow a
> replication identity and password to be set up simply with rootpw/rootdn without
> requiring another record to be added to the database. This way slurpd can
> perform a secure authentication rather than a simple bind.
>
> This patch was originally made against 2.2.19 and then ported to HEAD.
>
> http://www.opendarwin.org/~jtownsend/patches/rootpwsasl/servers-slapd-sasl.patch
>   


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support