
Re: (ITS#4309) back-meta bind ok on target instead bad credential



On Fri, 2006-01-06 at 11:12 +0000, germanlinx@yahoo.fr wrote:
> In the back-meta backend, when I try a bind on a target with a DN of the target, meta
> answers ok with any password (false or good) even though the target says 'invalid
> credential'

There might be issues, but the rationale behind the naive "distributed"
bind that back-meta implements is that when there's more than one target
that could contain the bindDN, they are all tried and as soon as one
succeeds the bind is considered successful, under the assumption that in
any case, in a well-designed distributed environment, the bindDN will
only be present in one target.  So it is reasonable, in those cases,
that some of the targets return invalidCredentials, as this is the
expected response when the bindDN does not exist.  Of course, it is not
correct to return success if none of the targets reported success.  Is
this the case you're suggesting?

> 
> I add this patch on bind.c of this backend :
> 
> 246,247c246,247
> <       /* if ( rc != LDAP_SUCCESS ) { */
> <          if ( rs->sr_err != LDAP_SUCCESS ) {   /* modif du 01-12-2005 */
> ---
> >       if ( rc != LDAP_SUCCESS ) {
> >
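Review bot: The hunk at 246,247 reads as reversed: the "<" (old-file) side holds the rs->sr_err != LDAP_SUCCESS test marked "modif du 01-12-2005", while the ">" (new-file) side holds the rc != LDAP_SUCCESS test, so applying it as given would restore the rc check rather than introduce the rs->sr_err one. Regenerate it in the intended direction with context lines, drop the commented-out old condition rather than leaving it in the source, and say in the description why rc can be LDAP_SUCCESS at this point while rs->sr_err is not, since the two visible lines do not show where either value is set.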
> 
> in order to correct the behavior 

This patch is unusable; please generate one with "diff -u <old> <new>".

p.




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
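
The bind rule described in the reply above (try every candidate target, succeed as soon as one succeeds, never succeed if none did), as an added example that is not part of the original message and is not OpenLDAP code. The struct, the function name aggregate_bind_results and the handling of "unavailable" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes with their RFC 4511 values (ldap.h is not used here). */
enum { RC_SUCCESS = 0, RC_INVALID_CREDENTIALS = 49, RC_UNAVAILABLE = 52 };

/* Hypothetical per-target outcome of one bind attempt. */
struct target_result {
    int is_candidate;   /* could this target hold the bindDN? */
    int bind_rc;        /* result code the target returned */
};

/* Fail-closed aggregation: success only if a candidate target returned
 * success. *bound_idx (optional) gets that target's index, else -1.
 * Assumption: "unavailable" is reported only when no candidate gave a
 * definite refusal. */
int aggregate_bind_results(const struct target_result *t, size_t n,
                           int *bound_idx)
{
    int refused = 0, unavailable = 0;
    size_t i;

    if (bound_idx) *bound_idx = -1;
    for (i = 0; i < n; i++) {
        if (!t[i].is_candidate)
            continue;                      /* never consulted for this DN */
        if (t[i].bind_rc == RC_SUCCESS) {
            if (bound_idx) *bound_idx = (int)i;
            return RC_SUCCESS;             /* first success wins */
        }
        if (t[i].bind_rc == RC_UNAVAILABLE)
            unavailable = 1;
        else
            refused = 1;                   /* e.g. invalidCredentials */
    }
    /* No candidate authenticated the client: never report success. */
    return (unavailable && !refused) ? RC_UNAVAILABLE : RC_INVALID_CREDENTIALS;
}

int main(void)
{
    /* Constructed sample: the reporter's case, every target refuses. */
    struct target_result all_refuse[] = {
        {1, RC_INVALID_CREDENTIALS}, {1, RC_INVALID_CREDENTIALS} };
    printf("overall result: %d\n", aggregate_bind_results(all_refuse, 2, NULL));
    return 0;
}
```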