[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Back-ldap configuration and id-assertion.
On Tue, Sep 7, 2010 at 7:20 AM, <masarati@aero.polimi.it> wrote:
>> On Wed, Sep 1, 2010 at 7:33 PM, <masarati@aero.polimi.it> wrote:
>>>> On Wed, Sep 1, 2010 at 11:14 AM, Mustafa A. Hashmi <mahashmi@gmail.com>
>>>> wrote:
>>>>> On Wed, Sep 1, 2010 at 12:11 AM, Mustafa A. Hashmi
>>>>> <mahashmi@gmail.com>
>>>>> wrote:
>>>>>> On Tue, Aug 31, 2010 at 9:31 PM, <masarati@aero.polimi.it> wrote:
>>>>>
>>>>> I've uploaded the log file named:
>>>>> mustafa-hashmi-20110901-slapd-backldap-log.txt to the incoming folder.
>>>>> Please let me know if you need additional information.
>>>
>>> Thanks for the logs, I'll let you know.
>>
>> Great, thank you.
>>
>> Please note that when using code from HEAD, I cannot replicate the
>> issue and all works perfectly. For testing, I pointed the same
>> secondary system to the new primary (the secondary was still on
>> 2.4.23-release).
>
> The logs you provide do not reveal anything specific; the fixes in HEAD
> essentially address the issue that a retry under some circumstances could
> result in reconnect anonymously a connection previously bound as some
> specific identity. As a consequence, subsequent attempts to use proxied
> authorization within identity assertion would fail because anonymous can
> never authorize. Those fixes will likely be released in 2.4.24.
Thanks for looking into it.
Testing code in HEAD I couldn't replicate the issue, so looking
forward to the next release :)
Mustafa.