Re: Dual bind, single unbind?
Hallvard B Furuseth wrote:
> Bjørn Ruberg writes:
>> slapd[28594]: op=0 BIND dn="cn=adm,dc=acme,dc=com" method=128
>> slapd[28594]: op=0 BIND dn="cn=adm,dc=acme,dc=com" mech=SIMPLE ssf=0
>
> This is one Bind operation. Note that both have the same operation
> number. I suppose it's logged on two lines because there is too much
> info for one line.

This makes sense for logging purposes. However, it shouldn't count as
two in the slapd-monitor backend. I am not sure that it does either, but
these log entries are the best clues I have right now :)

> I believe the first DN is the authentication identity - the DN you bound
> with and gave a password for, and the second is the resulting
> authorization identity - the one which gets access via "access"
> statements etc. Sometimes these can be different, when the server is
> configured that way - e.g. with SASL binds.

OK, can this be reviewed somehow? Different log level, perhaps?
(The slapd I'm testing this against has just plain old simple auth, by
the way.)

>> slapd[28594]: op=2 UNBIND
>
> Note that Unbind is not the opposite of Bind, it really means "quit and
> terminate the session". The name is of historical origin, it made more
> sense in LDAPv2 than in v3.

But it should normally be one unbind for each bind, right? As long as
the client behaves, that is.

> Each Bind - even a failed Bind request - cancels any previous Bind.

...as the same DN I presume.

Thanks for your help so far.

--
Bjørn
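
Added example (not part of the original thread): a small Python parser that merges slapd's two BIND log lines into one operation by keying on the operation number, then counts Bind and Unbind operations per connection. The conn= field and all sample lines are constructed assumptions; the lines quoted in the thread show only op=.

```python
import re
from collections import defaultdict

# Constructed sample log. conn= is assumed; the thread's excerpts omit it.
SAMPLE = '''\
slapd[28594]: conn=7 op=0 BIND dn="cn=adm,dc=acme,dc=com" method=128
slapd[28594]: conn=7 op=0 BIND dn="cn=adm,dc=acme,dc=com" mech=SIMPLE ssf=0
slapd[28594]: conn=7 op=1 BIND dn="cn=adm,dc=acme,dc=com" method=128
slapd[28594]: conn=7 op=1 BIND dn="cn=adm,dc=acme,dc=com" mech=SIMPLE ssf=0
slapd[28594]: conn=7 op=2 UNBIND
slapd[28594]: conn=8 op=0 BIND dn="" method=128
slapd[28594]: conn=8 op=1 UNBIND
'''

LINE = re.compile(
    r'slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) op=(?P<op>\d+) '
    r'(?P<verb>BIND|UNBIND)(?P<rest>.*)'
)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def summarize(text):
    """Return (ops, per_conn).

    ops maps (pid, conn, op) to the fields merged from every log line that
    belongs to that operation, so a Bind logged on two lines is one entry.
    per_conn maps (pid, conn) to counts of distinct BIND/UNBIND operations.
    """
    ops = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a BIND/UNBIND line
        key = (int(m['pid']), int(m['conn']), int(m['op']))
        rec = ops[key]
        rec['verb'] = m['verb']
        for name, value in FIELD.findall(m['rest']):
            rec[name] = value.strip('"')

    per_conn = defaultdict(lambda: {'BIND': 0, 'UNBIND': 0})
    for (pid, conn, _op), rec in ops.items():
        per_conn[(pid, conn)][rec['verb']] += 1
    return dict(ops), {k: dict(v) for k, v in per_conn.items()}


if __name__ == '__main__':
    ops, per_conn = summarize(SAMPLE)
    for conn, counts in sorted(per_conn.items()):
        print(conn, counts)
```

In the constructed sample, connection 7 binds twice and unbinds once, so a per-line count would report four binds where there are two operations.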