[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4962) inconsistent Bind(rootdn) behavior

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4962) inconsistent Bind(rootdn) behavior
From: quanah@zimbra.com
Date: Thu, 16 Aug 2007 16:43:55 GMT

--On Thursday, August 16, 2007 12:37 PM +0000 h.b.furuseth@usit.uio.no 
wrote:


> A few icky issues:
>
> - if you've got rootdn from a SASL/EXTERNAL DN and rewrite it to inside
>   the database's DIT, it would be possible to create such an entry with
>   a password.  We could advise people to use a DN outside the database
>   suffix in this case, and/or accept 'rootpw' with no parameter as
>   explicitly refusing Simple Bind with the rootdn.

Or in the case of SASL/GSSAPI, there can be a straight SASL rewrite to an 
internal DN for the rootdn as well.  There is no requirement for the rootdn 
to have to have a rootpw associated with it, and there needn't be.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Re: (ITS#4962) inconsistent Bind(rootdn) behavior
Next by Date: Re: (ITS#4962) inconsistent Bind(rootdn) behavior
Index(es):
- Chronological
- Thread