
Re: (ITS#4715) proxy retries anonymously



> Either you provide an all-OpenLDAP setup, consisting of proxy, remote
> server and operation sequence that clearly shows the issue, so that we can
> reproduce and track it, or you should rather investigate what's happening
> between the proxy and the remote server, e.g. by providing a tcpdump of
> the communications resulting in the error you reported.

Sorry, I missed your intermediate posting with a trace of the problem
(either I didn't get that message or I simply overlooked it; I've found it
right now on the ITS).

I see that the connection is retried anonymously, which is incorrect. 
This issue is known, and it has been fixed in HEAD code by using identity
assertion to retry non-anonymous connections.  Another option would be to
set "rebind-as-user", so that user credentials are saved and used to retry
non-anonymous connections.  Personally, I'd prefer the idassert approach,
but "rebind-as-user" could be useful in case the remote server does not
support proxyAuthz, or in case your applications need to use proxyAuthz
themselves.

Can you try either (or both) approaches?  The former requires you to build
HEAD (or re24, since last night it was sync'ed with HEAD) code.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
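
The two options named in the message above, written out as a back-ldap proxy configuration. This is an added example, not part of the original message or the OpenLDAP sources; the directive names are those documented in slapd-ldap(5), while the URI, suffix, DNs and credential are constructed placeholders. Whether a retried connection actually uses them depends on running a build that contains the fix the message describes.

```conf
# Constructed slapd.conf fragment for a back-ldap proxy database.
# All names and the credential below are placeholders.
database        ldap
suffix          "dc=example,dc=com"
uri             "ldap://remote.example.com"

# Option 1: identity assertion (the approach preferred in the message).
# The proxy binds to the remote server with its own service identity and
# asserts the client's identity with proxyAuthz, so a re-established
# connection is not left anonymous.
# Requirements: the remote server supports proxyAuthz and its
# authorization policy lets this binddn assert other identities.
idassert-bind   bindmethod=simple
                binddn="cn=proxy,dc=example,dc=com"
                credentials="PLACEHOLDER-SECRET"
                mode=self
# Limit which locally authenticated identities the proxy will assert.
idassert-authzFrom "dn.subtree:dc=example,dc=com"

# Option 2: remember the client's own bind credentials and reuse them
# when the connection to the remote server has to be re-established.
# Useful when the remote server has no proxyAuthz support, or when
# applications need to send proxyAuthz themselves.
# Trade-off: user credentials stay in the proxy's memory for the life
# of the connection.
#rebind-as-user  yes
```

With option 1 the file holds a service credential that is authorized to assert other identities, so it should be readable only by the account slapd runs as.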