[Date Prev][Date Next]
Re: (ITS#4962) inconsistent Bind(rootdn) behavior
--On Thursday, August 16, 2007 12:37 PM +0000 firstname.lastname@example.org
> A few icky issues:
> - if you've got rootdn from a SASL/EXTERNAL DN and rewrite it to inside
> the database's DIT, it would be possible to create such an entry with
> a password. We could advise people to use a DN outside the database
> suffix in this case, and/or accept 'rootpw' with no parameter as
> explicitly refusing Simple Bind with the rootdn.
Or in the case of SASL/GSSAPI, there can be a straight SASL rewrite to an
internal DN for the rootdn as well. There is no requirement for the rootdn
to have to have a rootpw associated with it, and there needn't be.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration