RE: ldap proxy to AD returns no results - take#2
- To: <email@example.com>
- Subject: RE: ldap proxy to AD returns no results - take#2
- From: "Pierangelo Masarati" <firstname.lastname@example.org>
- Date: Wed, 14 Apr 2004 12:05:50 +0200 (CEST)
- Cc: <openldap-software@OpenLDAP.org>
- Importance: Normal
- In-reply-to: <3D564E73B6DF994EBABD985F4469D5396D7077@kccxoex06.corp.kpmgconsu
- References: <3D564E73B6DF994EBABD985F4469D5396D7077@kccxoex06.corp.kpmgconsu
> Thanks again Pierangelo.
> So what you are saying, if I'm not mistaken, is that the examples on pages
> 210-213 (most specifically p. 212) of Gerald Carter's O'Reilly book on
> LDAP System Administration should not actually work and that is how
> back-ldap is designed?

I don't have that book at hand, so I won't make any public statement about
him being wrong or right ;)

This is my understanding of the code. I would hardly believe any OpenLDAP
portion of code is designed to take a specific administrative identity on
behalf of anonymous. I know it does for internal purposes, that is on
behalf of the proxy DSA with respect to the remote DSA; I also know (I
personally coded something about it) that portions of OpenLDAP code take a
specific identity of authenticated users (e.g. proxyAuthz control in
back-ldap) if instructed to do so.