[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
slapd exits on processing malformed saslAuthzTo attribute (ITS#3077)
Full_Name: Michael Glasson
Version: 2.2.7
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.12.252.12)
slapd exits when processing a saslAuthzTo attribute which is not formatted
correctly.
A saslAuthzTo like "uid=mg,ou=person,dc=mynym,dc=net" is processed as you would
expect, allowing the authentication id to authorize as the target entry.
A saslAuthzTo like "dn.regex:uid=.*,ou=person,dc=mynym,dc=net" is also processed
as you would expect, allowing the authentication id to authorize as an entry in
the target subtree.
A saslAuthzTo like "dn.subtree:ou=person,dc=mynym,dc=net" causes slapd to exit
immediately.
I understand that saslAuthzTo entries of forms other than "dn.regex:..." may not
be supported, but I do not imagine that slapd should die when it processes an
unsupported saslAuthzTo.