[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4962) inconsistent Bind(rootdn) behavior

--On Thursday, August 16, 2007 12:37 PM +0000 h.b.furuseth@usit.uio.no 

> A few icky issues:
> - if you've got rootdn from a SASL/EXTERNAL DN and rewrite it to inside
>   the database's DIT, it would be possible to create such an entry with
>   a password.  We could advise people to use a DN outside the database
>   suffix in this case, and/or accept 'rootpw' with no parameter as
>   explicitly refusing Simple Bind with the rootdn.

Or in the case of SASL/GSSAPI, there can be a straight SASL rewrite to an 
internal DN for the rootdn as well.  There is no requirement for the rootdn 
to have to have a rootpw associated with it, and there needn't be.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration