[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Back-ldap configuration and id-assertion.

To: openldap-technical@openldap.org
Subject: Re: Back-ldap configuration and id-assertion.
From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
Date: Tue, 7 Sep 2010 14:12:09 +0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=HOMprBD/rLuHMVAhaO4Shv4qjEqvN39PxuYECKVtWB4=; b=m4THISMXB0cOZq6yV5h9pmjgJJYXs7+lNwamqcOFpwzSzu/8Gx3njGAv7hUfC7c1ii +Tofo0kRNFbKLSsWumnMlxTL1VCKdQZA/ZeDUMYKTEs7ZbMW3Ej6aUQoiLtIkGJBLILT O+maFJYbozpyjeGnHtEzlYtx1fEe3oBGc8T9Y=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=w7efjyEJFZSDatBhk8Il4YIDsKcLDfkGdMCF8C0Rdj6/s+WgfxeS+yjFSPtVfbil5q HvR075SHMHOdKPAfSqKuP8KXEbPv+CfBaU98UA25ByOR1eiW0itvoIl36Wtdek1e7i0A W9mTcGMcRnXve7rtOtSlI8c0ouCe3rUps7m5A=
In-reply-to: <81a262cd8b63cb4e14c0694803634d02.squirrel@www.aero.polimi.it>
References: <AANLkTinWQNQrtKeLGHr9YYrdeR2u8Zj4biELMj_Ww0jW@mail.gmail.com> <18927c0743f3259398499055d40f5da1.squirrel@www.aero.polimi.it> <AANLkTiniRg0Xp7-hF6xKDnH39Fmvv+o_ade8cfOBiB5L@mail.gmail.com> <AANLkTim_qYKQ_f4UxnCNAdBBTEvhN7yzWspEgqAGt6YE@mail.gmail.com> <AANLkTin-YDsB+YPai==dnjSu_yQ6VXCJcD=-CRC-1uf_@mail.gmail.com> <6f3f69f1565ad43b31e34a4ac5d9b3cc.squirrel@www.aero.polimi.it> <AANLkTikf67CZkPN-cvETM6SpJpZQoD_18P6Gpqn-=WUj@mail.gmail.com> <81a262cd8b63cb4e14c0694803634d02.squirrel@www.aero.polimi.it>

On Tue, Sep 7, 2010 at 7:20 AM,  <masarati@aero.polimi.it> wrote:
>> On Wed, Sep 1, 2010 at 7:33 PM,  <masarati@aero.polimi.it> wrote:
>>>> On Wed, Sep 1, 2010 at 11:14 AM, Mustafa A. Hashmi <mahashmi@gmail.com>
>>>> wrote:
>>>>> On Wed, Sep 1, 2010 at 12:11 AM, Mustafa A. Hashmi
>>>>> <mahashmi@gmail.com>
>>>>> wrote:
>>>>>> On Tue, Aug 31, 2010 at 9:31 PM,  <masarati@aero.polimi.it> wrote:
>>>>>
>>>>> I've uploaded the log file named:
>>>>> mustafa-hashmi-20110901-slapd-backldap-log.txt to the incoming folder.
>>>>> Please let me know if you need additional information.
>>>
>>> Thanks for the logs, I'll let you know.
>>
>> Great, thank you.
>>
>> Please note that when using code from HEAD, I cannot replicate the
>> issue and all works perfectly. For testing, I pointed the same
>> secondary system to the new primary (the secondary was still on
>> 2.4.23-release).
>
> The logs you provide do not reveal anything specific; the fixes in HEAD
> essentially address the issue that a retry under some circumstances could
> result in reconnect anonymously a connection previously bound as some
> specific identity.  As a consequence, subsequent attempts to use proxied
> authorization within identity assertion would fail because anonymous can
> never authorize.  Those fixes will likely be released in 2.4.24.

Thanks for looking into it.

Testing code in HEAD I couldn't replicate the issue, so looking
forward to the next release :)

Mustafa.

References:
- Re: Back-ldap configuration and id-assertion.
  - From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
- Re: Back-ldap configuration and id-assertion.
  - From: masarati@aero.polimi.it
- Re: Back-ldap configuration and id-assertion.
  - From: "Mustafa A. Hashmi" <mahashmi@gmail.com>
- Re: Back-ldap configuration and id-assertion.
  - From: masarati@aero.polimi.it

Prev by Date: back-sql disconnects
Next by Date: Sunone 5.2 to openldap migration
Index(es):
- Chronological
- Thread