[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Comparing slapcat output

To: "Jan-Piet Mens" <jpm@retail-sc.com>
Subject: Re: Comparing slapcat output
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Tue, 28 Jun 2005 17:42:48 +0200 (CEST)
Cc: "Howard Chu" <hyc@symas.com>, ando@sys-net.it, openldap-software@OpenLDAP.org
Domainkey-signature: a=rsa-sha1; s=mail; d=sys-net.it; c=simple; q=dns; b=gAm5cPBedkv6n3OR00ERS1UjX1nd3W6fXZLQMRpFv/OX6A1yeGot7Lxiquo1C8yHp ySnh3P6w2znPjEgoMzqTg==
Importance: Normal
In-reply-to: <20050628152340.GA28056@m1.intdus.retail-sc.com>
References: <20050628061008.GA18873@m1.intdus.retail-sc.com> <47795.131.175.154.56.1119968285.squirrel@131.175.154.56> <20050628142653.GA12040@m1.intdus.retail-sc.com> <47857.131.175.154.56.1119970209.squirrel@131.175.154.56> <42C169FE.2020201@symas.com> <20050628152340.GA28056@m1.intdus.retail-sc.com>
User-agent: SquirrelMail/1.4.3a-1

> On Tue Jun 28 2005 at 17:17:18 CEST, Howard Chu wrote:
>
>> slapd is hardcoded to generate DNs in this form for SASL/EXTERNAL over
>> ldapi. It's been like this for a long time now, since release 2.2.13.
>> (See daemon.c...)
>
> Does that mean that there is no way for me (apart from hacking source)

I'd rather change the code, since the problem you're highlighting
definitely sounds like a bug.

> to change that behaviour? That would be a pity and it seems illogical...

One thing I note is that changing that hardcoded DN will break
authz-regexp rules that rely on that ordering of the uidnumber/gidnumber
bits of SASL/EXTERNAL.  This will require some amount of heads-up.  I
don't quite mind in causing a bit of a headache in 2.3, which is not
likely to be widely used yet.  I wonder if such a fix should be backported
to 2.2, thou.  My guess is that the patch is likely to apply
straightforwardly to 2.2, so you should be able to backport it to fix your
issue without affecting other existing installations of 2.2.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- Comparing slapcat output
  - From: Jan-Piet Mens <jpm@retail-sc.com>
- Re: Comparing slapcat output
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Comparing slapcat output
  - From: Jan-Piet Mens <jpm@retail-sc.com>
- Re: Comparing slapcat output
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Comparing slapcat output
  - From: Howard Chu <hyc@symas.com>
- Re: Comparing slapcat output
  - From: Jan-Piet Mens <jpm@retail-sc.com>

Prev by Date: Re: slurpd's disaster recovery capability
Next by Date: Re: pb inserting row in LDAP directorie
Index(es):
- Chronological
- Thread