[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4309) back-meta bind ok on target instead bad credential

On Fri, 2006-01-06 at 15:51 +0000, ando@sys-net.it wrote:
> On Fri, 2006-01-06 at 11:12 +0000, germanlinx@yahoo.fr wrote:
> > In back-meta backend , when I try a bind on target with a dn of target , meta
> > answers ok with any password (false or good) even the target tells 'invalid
> > credential'
> There might be issues, but the rationale behind the naive "distributed"
> bind that back-meta implements is that when there's more than one target
> that could contain the bindDN, they are all tried and as soon as one
> succeeds the bind is considered successful, under the assumption that in
> any case, in a well-designed distributed environment, the bindDN will
> only be present in one target.  So it is reasonable, in those cases,
> that some of the targets return invalidCredentials, as this is the
> expected response when the bindDN does not exist.  Of course, it is not
> correct to return success if none of the targets reported success.  Is
> this the case you're suggesting?

Let me add that this case is tested in test035:

- a bind with a correct password succeeds
- a bind with an incorrect password fails with invalidCredentials

I've added to HEAD a test for binding with a non-existing user, which
correctly fails as well.

Unless you can provide further evidence of a bug, I'd consider this
issue closed.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it