[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access Control and GUI clients

To: Alessandro Bottoni <alessandrobottoni@interfree.it>
Subject: Re: Access Control and GUI clients
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 10 Feb 2005 19:35:17 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <200502101826.34902.alessandrobottoni@interfree.it>
References: <200502101826.34902.alessandrobottoni@interfree.it>

At 09:26 AM 2/10/2005, Alessandro Bottoni wrote:
>In all of these cases, the GUI client fails to bind as an authenticated user 
>and falls back to an Anonymous binding. Of course, OpenLDAP accepts to bind 
>with ldapadd and ldapsearch using the same username/password.
>
>Why OpenLDAP refuses to bind when contacted by a GUI client while it accepts 
>to bind to ldapadd and ldapsearch with the same user profile?

Well, either the GUI isn't doing the same kind of bind as
the OpenLDAP command line tools... or is misconfigured...
or is misused.

I suggest you enable and compare slapd logs to determine the
significant difference and then setup the GUI client (if possible)
not to be different in this regard.

>Is there any subtle difference between these two kind of bindings?

Well, slapd(8) cannot and doesn't distinguish one client
implementation from another.  There likely is a subtle
difference in what the clients are doing.

References:
- Access Control and GUI clients
  - From: Alessandro Bottoni <alessandrobottoni@interfree.it>

Prev by Date: RE: index_param failed on uniqueMember ?
Next by Date: Re: SASL EXTERNAL with URLs other than ldapi://
Index(es):
- Chronological
- Thread