Re: Dual bind, single unbind?

Bjørn Ruberg writes:
> slapd[28594]: op=0 BIND dn="cn=adm,dc=acme,dc=com" method=128
> slapd[28594]: op=0 BIND dn="cn=adm,dc=acme,dc=com" mech=SIMPLE ssf=0

This is one Bind operation.  Note that both have the same operation
number.  I suppose it's logged on two lines because there is too much
info for one line.

I believe the first DN is the authentication identity - the DN you bound
with and gave a password for, and the second is the resulting
authorization identity - the one which gets access via "access"
statements etc.  Sometimes these can be different, when the server is
configured that way - e.g. with SASL binds.

> slapd[28594]: op=2 UNBIND

Note that Unbind is not the opposite of Bind, it really means "quit and
terminate the session".  The name is of historical origin, it made more
sense in LDAPv2 than in v3.

Each Bind - even a failed Bind request - cancels any previous Bind.
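
Added example, not part of the original message: a small Python parser that merges the two log lines of one Bind by operation number and reports Binds whose two DNs differ, following the reading given in the reply above (first line: identity bound with; second line: resulting authorization identity). The sample lines are constructed, the optional `conn=` field and the second pair of DNs are assumptions, and DNs are compared by simple lowercasing rather than full DN normalization.

```python
import re

# Line shapes quoted in the message; "conn=N" is optional (an assumption
# about fuller logs, it does not appear in the quoted lines).
LINE_RE = re.compile(
    r'slapd\[(?P<pid>\d+)\]: (?:conn=(?P<conn>\d+) )?op=(?P<op>\d+) '
    r'(?P<verb>BIND|UNBIND)'
    r'(?: dn="(?P<dn>[^"]*)" '
    r'(?:method=(?P<method>\d+)|mech=(?P<mech>\S+) ssf=(?P<ssf>\d+)))?'
)

# Constructed sample: the first three lines copy the quoted log, the last
# two are a hypothetical Bind whose two DNs differ.
SAMPLE = [
    'slapd[28594]: op=0 BIND dn="cn=adm,dc=acme,dc=com" method=128',
    'slapd[28594]: op=0 BIND dn="cn=adm,dc=acme,dc=com" mech=SIMPLE ssf=0',
    'slapd[28594]: op=2 UNBIND',
    'slapd[28601]: op=0 BIND dn="cn=proxy,dc=example,dc=com" method=128',
    'slapd[28601]: op=0 BIND dn="cn=user,dc=example,dc=com" mech=SIMPLE ssf=0',
]

def pair_binds(lines):
    """Merge both log lines of each Bind under the key (pid, conn, op).

    Returns (binds, unbinds). Each bind record holds the DN from the
    method= line as "authn" and the DN from the mech= line as "authz".
    """
    binds, unbinds = {}, []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["pid"], m["conn"], int(m["op"]))
        if m["verb"] == "UNBIND":
            unbinds.append(key)          # session ends here
        elif m["method"] is not None:
            binds.setdefault(key, {})["authn"] = m["dn"]
        elif m["mech"] is not None:
            rec = binds.setdefault(key, {})
            rec["authz"], rec["mech"] = m["dn"], m["mech"]
    return binds, unbinds

def identity_mismatches(binds):
    """Keys of Binds where the two logged DNs differ (case-insensitive)."""
    return [k for k, b in binds.items()
            if "authn" in b and "authz" in b
            and b["authn"].lower() != b["authz"].lower()]

if __name__ == "__main__":
    binds, unbinds = pair_binds(SAMPLE)
    print(len(binds), "Bind operations,", len(unbinds), "Unbind")
    print("DN mismatch:", identity_mismatches(binds))
```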