[Date Prev][Date Next]
Re: bind & backends
Kurt D. Zeilenga wrote:
Ah yes. I was only thinking of a simple bind where rootdn matches the
current database and rootpw is provided, since the original question
appeared to only relate to simple binds.
My question now is:Currently the backend must authenticate the rootdn.
I understand that it may not necessary to forward to the backend an anonymous bind. when further requests arrive the backend can try to understand if the connection has been authenticated or not ( anonymous bind )
what I need to understand is how does the backend understand if the frontend authenticated already the reqeust ? In the case of the administrator account which is hardwired in the config file for example the frontend can authenticate the access, so does it ? As far as I see the backend does not have the possibility to do so, unless it does not read the slapd.conf file. Something I do not see ????
Actually, no. The rootdn may be authenticated by other means
(SASL, or by another backend). However, rootpw, if provided for
the rootdn, must be authenticated by that backend.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support