[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8909) "authz-policy all" works as "authz-policy any", possibly yielding unauthorized access

On Wed, 29 Aug 2018 at 01:14:51 +0100, Howard Chu wrote:
> Thanks for the report. Looks like this has been present since commit
> 113727ba.  Fixed now in git master

Thanks for the quick fix!  Not sure why rc's value is preserved here but
set to LDAP_INAPPROPRIATE_AUTH in all other failing cases, though.  But
that doesn't seem to matter beside debug logs now showing a return value
other than 48, disclosing the actual reason of the failure; for instance

    <== slap_sasl_authorized: return 16
    SASL Proxy Authorize [conn=1022]: proxy authorization disallowed (16)

for a missing authTo under authz-policy "all".