[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bind & backends

reinhard.e.voglmaier@gsk.com wrote:

Playing with the backend I've seen that not all binds arrive at the backend at all.
Anonymous binds for example do not.
Only binds with user/pass arrive.


My question now is:
I understand that it may not necessary to forward to the backend an anonymous bind. when further requests arrive the backend can try to understand if the connection has been authenticated or not ( anonymous bind )
what I need to understand is how does the backend understand if the frontend authenticated already the reqeust ? In the case of the administrator account which is hardwired in the config file for example the frontend can authenticate the access, so does it ? As far as I see the backend does not have the possibility to do so, unless it does not read the slapd.conf file. Something I do not see ????

Currently the backend must authenticate the rootdn. This step probably should migrate to the frontend. Anyway, back-bdb/bind.c is a good example. Note the call to be_isroot_pw().

The identity associated with a request is carried around in op->o_ndn. If the value is empty, the operation is anonymous. Otherwise it carries the authorization ID for the request.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support