[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bind & backends

Kurt D. Zeilenga wrote:

My question now is:
I understand that it may not necessary to forward to the backend an anonymous bind. when further requests arrive the backend can try to understand if the connection has been authenticated or not ( anonymous bind )
what I need to understand is how does the backend understand if the frontend authenticated already the reqeust ? In the case of the administrator account which is hardwired in the config file for example the frontend can authenticate the access, so does it ? As far as I see the backend does not have the possibility to do so, unless it does not read the slapd.conf file. Something I do not see ????

Currently the backend must authenticate the rootdn.

Actually, no. The rootdn may be authenticated by other means
(SASL, or by another backend). However, rootpw, if provided for
the rootdn, must be authenticated by that backend.

Ah yes. I was only thinking of a simple bind where rootdn matches the current database and rootpw is provided, since the original question appeared to only relate to simple binds.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support