[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: anonymous proxy and idassert-bind

To: Raphael Berlamont <Raphael.berlamont@raphux.com>
Subject: Re: anonymous proxy and idassert-bind
From: Pierangelo Masarati <ando@sys-net.it>
Date: Mon, 08 Jan 2007 18:18:06 +0100
Cc: openldap-software@openldap.org
In-reply-to: <45A26EF5.8030008@sys-net.it>
References: <43903.88.191.12.192.1168257191.squirrel@webmail2.raphux.com> <45A26EF5.8030008@sys-net.it>
User-agent: Mail/News 1.5.0.7 (X11/20060916)

Pierangelo Masarati wrote:

In this case, there seems to be a bug in identity assertion, which prevents mode=anonymous from working as expected. I suggest you file an ITS so that this bug gets tracked.

Partial correction: half of this bug is already fixed in HEAD/re23 code (and thus will be in 2.3.33). In fact, mode=anonymous now works as expected. What seems to be broken in mode=self when the connection is anonymous. In that case, the proxy should bind as the idassert binddn, and proxyauthz as anonymous, while it does bind without proxyauthz'ing.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

References:
- anonymous proxy and idassert-bind
  - From: "Raphael Berlamont" <Raphael.berlamont@raphux.com>
- Re: anonymous proxy and idassert-bind
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: openldap proxy issue
Next by Date: RE: installing openldap openldap-2.3.31
Index(es):
- Chronological
- Thread