On Sat, 2008-05-10 at 03:16 -0700, Howard Chu wrote:
> Michael Ströder wrote:
> > HI!
> >
> > Lurking on the FDS list I noticed the new "Autobind" feature of FDS for
> > LDAPI connections which directly emulates a SASL EXTERNAL bind if the
> > client connects over LDAPI with a certain user-ID and simple bind (or no
> > bind at all). It's configured at the server's side.
> >
> > See
> > http://directory.fedoraproject.org/wiki/LDAPI_and_AutoBind
> >
> > Wouldn't that be a useful feature in OpenLDAP's slapd too for LDAP for
> > automagically binding LDAP clients which aren't capable of sending
> > SASL-Bind EXTERNAL but are capable to connect via LDAPI?
>
> No, it's a direct violation of RFC4513 and a security hole. We had this long
> discussion on the fedora-devel list over a year ago.
>
> https://www.redhat.com/archives/fedora-directory-devel/2007-February/msg00043.html
>
> This is not a feature, it's a bug

Fortunately it is compiled out and configured off by default.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com