Re: bind & backends

[Howard Chu <hyc@symas.com>]

reinhard.e.voglmaier@gsk.com wrote:

> Playing with the backend I've seen that not all binds arrive at the 
> backend at all.
> Anonymous binds for example do not.
> Only binds with user/pass arrive.

Correct.

> My question now is:
> I understand that it may not necessary to forward to the backend an 
> anonymous bind. when further requests arrive the backend can try to 
> understand if the connection has been authenticated or not ( anonymous 
> bind )
> what I need to understand is how does the backend understand if the 
> frontend authenticated already the reqeust ? In the case of the 
> administrator account which is hardwired in the config file for 
> example the frontend can authenticate the access, so does it ? As far 
> as I see the backend does not have the possibility to do so, unless it 
> does not read the slapd.conf file. Something I do not see ????

Currently the backend must authenticate the rootdn. This step probably 
should migrate to the frontend. Anyway, back-bdb/bind.c is a good 
example. Note the call to be_isroot_pw().

The identity associated with a request is carried around in op->o_ndn. 
If the value is empty, the operation is anonymous. Otherwise it carries 
the authorization ID for the request.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support