[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Back-ldap configuration and id-assertion.

> On Wed, Sep 1, 2010 at 7:33 PM,  <masarati@aero.polimi.it> wrote:
>>> On Wed, Sep 1, 2010 at 11:14 AM, Mustafa A. Hashmi <mahashmi@gmail.com>
>>> wrote:
>>>> On Wed, Sep 1, 2010 at 12:11 AM, Mustafa A. Hashmi
>>>> <mahashmi@gmail.com>
>>>> wrote:
>>>>> On Tue, Aug 31, 2010 at 9:31 PM,  <masarati@aero.polimi.it> wrote:
>>>> I've uploaded the log file named:
>>>> mustafa-hashmi-20110901-slapd-backldap-log.txt to the incoming folder.
>>>> Please let me know if you need additional information.
>> Thanks for the logs, I'll let you know.
> Great, thank you.
> Please note that when using code from HEAD, I cannot replicate the
> issue and all works perfectly. For testing, I pointed the same
> secondary system to the new primary (the secondary was still on
> 2.4.23-release).

The logs you provide do not reveal anything specific; the fixes in HEAD
essentially address the issue that a retry under some circumstances could
result in reconnect anonymously a connection previously bound as some
specific identity.  As a consequence, subsequent attempts to use proxied
authorization within identity assertion would fail because anonymous can
never authorize.  Those fixes will likely be released in 2.4.24.

Thanks for testing.  p.