[Date Prev][Date Next]
RE: sasl-regexp proper behavior?
> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Quanah Gibson-Mount
> I recently had bad data in my directory (oops) that had would
> return 2
> results to the sasl-regexp query for what bind DN to map a user to.
> Other than this being a shot myself in the foot scenario, I'm
> curious about:
> What is the current behavior when this happens? Would the entity get
> assigned the first DN returned?
No. That would be insecure.
> What should the correct behavior be? From the literature,
> should be a 1-1 mapping. So in a case like this when two results are
> returned, should the entity be mapped to a DN at all? Or would it be
> better to return an error?
No mapping is done. The server requires that one-and-only-one entry matches
the regexp, otherwise the mapping step fails and the input DN is unchanged.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support