[Date Prev][Date Next]
Re: Back-ldap configuration and id-assertion.
> On Wed, Sep 1, 2010 at 7:33 PM, <firstname.lastname@example.org> wrote:
>>> On Wed, Sep 1, 2010 at 11:14 AM, Mustafa A. Hashmi <email@example.com>
>>>> On Wed, Sep 1, 2010 at 12:11 AM, Mustafa A. Hashmi
>>>>> On Tue, Aug 31, 2010 at 9:31 PM, <firstname.lastname@example.org> wrote:
>>>> I've uploaded the log file named:
>>>> mustafa-hashmi-20110901-slapd-backldap-log.txt to the incoming folder.
>>>> Please let me know if you need additional information.
>> Thanks for the logs, I'll let you know.
> Great, thank you.
> Please note that when using code from HEAD, I cannot replicate the
> issue and all works perfectly. For testing, I pointed the same
> secondary system to the new primary (the secondary was still on
The logs you provide do not reveal anything specific; the fixes in HEAD
essentially address the issue that a retry under some circumstances could
result in reconnect anonymously a connection previously bound as some
specific identity. As a consequence, subsequent attempts to use proxied
authorization within identity assertion would fail because anonymous can
never authorize. Those fixes will likely be released in 2.4.24.
Thanks for testing. p.