[Date Prev][Date Next]
Re: LDAPI and AutoBind
Michael Ströder wrote:
Lurking on the FDS list I noticed the new "Autobind" feature of FDS for
LDAPI connections which directly emulates a SASL EXTERNAL bind if the
client connects over LDAPI with a certain user-ID and simple bind (or no
bind at all). It's configured at the server's side.
Wouldn't that be a useful feature in OpenLDAP's slapd too for LDAP for
automagically binding LDAP clients which aren't capable of sending
SASL-Bind EXTERNAL but are capable to connect via LDAPI?
No, it's a direct violation of RFC4513 and a security hole. We had this long
discussion on the fedora-devel list over a year ago.
This is not a feature, it's a bug, and the fact that they've gone ahead and
advertised it shows just how poorly their thought processes are working.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/