[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Comparing slapcat output

> On Tue Jun 28 2005 at 17:17:18 CEST, Howard Chu wrote:
>> slapd is hardcoded to generate DNs in this form for SASL/EXTERNAL over
>> ldapi. It's been like this for a long time now, since release 2.2.13.
>> (See daemon.c...)
> Does that mean that there is no way for me (apart from hacking source)

I'd rather change the code, since the problem you're highlighting
definitely sounds like a bug.

> to change that behaviour? That would be a pity and it seems illogical...

One thing I note is that changing that hardcoded DN will break
authz-regexp rules that rely on that ordering of the uidnumber/gidnumber
bits of SASL/EXTERNAL.  This will require some amount of heads-up.  I
don't quite mind in causing a bit of a headache in 2.3, which is not
likely to be widely used yet.  I wonder if such a fix should be backported
to 2.2, thou.  My guess is that the patch is likely to apply
straightforwardly to 2.2, so you should be able to backport it to fix your
issue without affecting other existing installations of 2.2.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497