Re: SASL External Clarification
At 02:28 AM 3/12/2003, Francois Beretti wrote:
>but according to my ACLs, a user who doesn't exist in the directory
>shouldn't be able to bind to it...
No.
>Dieter said that I was doing an anonymous bind (I haven't yet these
>ACLs)
>Now anonymous bind should be forbidden
>Am I wrong?
Yes.
A "by anonymous auth" clause statement says:
"An anonymous client can access the target directory
information for authentication purposes."
Since the credentials are not held in the directory, the
client doesn't need access to the directory to
authenticate.
Examples of credentials not held in the directory include
"rootpw", sasldb, Kerberos tickets, AF_UNIX peer eid, and
PKI certificates.
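
The distinction drawn in the reply above, as an added slapd.conf fragment (an illustration, not part of the original message). The suffix, DNs, backend and password hash are placeholders, and `attrs=` is the current spelling of the ACL selector.

```conf
# Constructed example; suffix, DNs, backend and hash are placeholders.

# Global section. ACLs never refuse a bind request as such; this
# directive is what makes slapd reject anonymous binds.
disallow bind_anon

database    mdb
suffix      "dc=example,dc=com"

# Credentials held outside the directory: the rootdn needs no entry,
# and its password is checked against rootpw, so no ACL is consulted
# when it binds. The same holds for the other credential sources
# listed above (sasldb, Kerberos tickets, AF_UNIX peer eid, PKI
# certificates).
rootdn      "cn=Manager,dc=example,dc=com"
rootpw      {SSHA}<hash-placeholder>

# Credentials held in the directory: during a simple bind as a user
# entry the session is still anonymous while slapd compares the
# password, so "by anonymous auth" is what lets that comparison
# happen. It grants nothing beyond authentication use.
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none

# Everything else: authenticated users may read, anonymous gets nothing.
access to *
    by users read
    by * none
```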