[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ITS#6661 (Was: FW: (6661))

To: openldap-its@OpenLDAP.org
Subject: RE: ITS#6661 (Was: FW: (6661))
From: gtzanetis@pylones.gr
Date: Thu, 30 Sep 2010 11:50:46 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Yes it is fixed,

But in your fix, only the rootpw password works. If we have the rootdn also=
 as a dn stored inside the ldap tree then openldap does not tries to bind t=
o the dn of the tree if the rootpw is incorrect

if we use the same code segment of bind.cpp written for back-bdb which is:

	/* allow noauth binds */
	switch ( be_rootdn_bind( op, NULL ) ) {
	case LDAP_SUCCESS:
		/* frontend will send result */
		return rs->sr_err;
	default:
		break;
	}
And the rootpw is not matched, then slapd will continue to search the ldap =
tree and if it finds a dn and its userPassword matches, then it authenticat=
es. If an appropriate dn / password is not found in the tree, then it throu=
ghs the invalid credentials error.

Maybe the bind-dbd way is more correct?

Prev by Date: (ITS#6662) ldapsearch with slapd-ndb only works when filter is a substring
Next by Date: (ITS#6663) refint not altering last attribute on delete
Index(es):
- Chronological
- Thread