[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: bind & backends
reinhard.e.voglmaier@gsk.com wrote:
Playing with the backend I've seen that not all binds arrive at the
backend at all.
Anonymous binds for example do not.
Only binds with user/pass arrive.
Correct.
My question now is:
I understand that it may not necessary to forward to the backend an
anonymous bind. when further requests arrive the backend can try to
understand if the connection has been authenticated or not ( anonymous
bind )
what I need to understand is how does the backend understand if the
frontend authenticated already the reqeust ? In the case of the
administrator account which is hardwired in the config file for
example the frontend can authenticate the access, so does it ? As far
as I see the backend does not have the possibility to do so, unless it
does not read the slapd.conf file. Something I do not see ????
Currently the backend must authenticate the rootdn. This step probably
should migrate to the frontend. Anyway, back-bdb/bind.c is a good
example. Note the call to be_isroot_pw().
The identity associated with a request is carried around in op->o_ndn.
If the value is empty, the operation is anonymous. Otherwise it carries
the authorization ID for the request.
--
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support