[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Back-ldap configuration and id-assertion.
> On Wed, Sep 1, 2010 at 7:33 PM, <masarati@aero.polimi.it> wrote:
>>> On Wed, Sep 1, 2010 at 11:14 AM, Mustafa A. Hashmi <mahashmi@gmail.com>
>>> wrote:
>>>> On Wed, Sep 1, 2010 at 12:11 AM, Mustafa A. Hashmi
>>>> <mahashmi@gmail.com>
>>>> wrote:
>>>>> On Tue, Aug 31, 2010 at 9:31 PM, <masarati@aero.polimi.it> wrote:
>>>>
>>>> I've uploaded the log file named:
>>>> mustafa-hashmi-20110901-slapd-backldap-log.txt to the incoming folder.
>>>> Please let me know if you need additional information.
>>
>> Thanks for the logs, I'll let you know.
>
> Great, thank you.
>
> Please note that when using code from HEAD, I cannot replicate the
> issue and all works perfectly. For testing, I pointed the same
> secondary system to the new primary (the secondary was still on
> 2.4.23-release).
The logs you provide do not reveal anything specific; the fixes in HEAD
essentially address the issue that a retry under some circumstances could
result in reconnect anonymously a connection previously bound as some
specific identity. As a consequence, subsequent attempts to use proxied
authorization within identity assertion would fail because anonymous can
never authorize. Those fixes will likely be released in 2.4.24.
Thanks for testing. p.