
Re: slapd bind method codes



> Hi folks,
>
> When clients bind with a provider and the provider's loglevel is set
> to stats, bind events show up frequently in the log. Often, some
> logged bind events have only a blank dn along with a "method" code.
> Here are two separate examples:
>
>     slapd[903]: conn=1021 op=0 BIND dn="" method=128
>
>     slapd[903]: conn=1020 op=0 BIND dn="" method=163

These lines are intended to log a bind request; a second line will
indicate the mechanism used and the resulting ssf.

> Two questions:
>
> 1.) What do these method codes mean? Perhaps there is a list somewhere
>      that explains all possible method codes.

See LDAP_AUTH_* macros in ldap.h; 128 (0x80) means SIMPLE; 163 (0xa3)
means SASL.

> 2.) When a method code is shown, as in the examples above, why is
>      the value for the dn empty?

An empty DN is perfectly legitimate in both bind methods illustrated
above.  In the case of SIMPLE bind it indicates anonymous; in the case of
SASL bind the requested DN is not relevant; the actual DN will be
constructed according to the mechanism, and might eventually be mapped
according to authz-regexp directives.

p.
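
The decoding described in the reply above, as an added example that is not part of the original message or of OpenLDAP: it parses BIND request lines in the format quoted in the thread, maps the two method codes named there, and splits each code into its BER tag fields (in the LDAP BindRequest, simple is context tag [0] and sasl is context tag [3]). The function names and the constructed sample lines are assumptions made for illustration.

```python
import re

# Values named in the reply above (LDAP_AUTH_* macros in ldap.h).
LDAP_AUTH_SIMPLE = 0x80  # 128
LDAP_AUTH_SASL = 0xA3    # 163
METHODS = {LDAP_AUTH_SIMPLE: "SIMPLE", LDAP_AUTH_SASL: "SASL"}
BER_CLASSES = ("universal", "application", "context-specific", "private")

# Matches the request line format quoted in the thread.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')


def ber_tag(code):
    """Split a one-byte BER identifier into (class, constructed, tag number)."""
    return BER_CLASSES[code >> 6], bool(code & 0x20), code & 0x1F


def classify(line):
    """Return a dict describing a BIND request line, or None if not one."""
    m = BIND_RE.search(line)
    if m is None:
        return None
    conn, op, dn, method = int(m[1]), int(m[2]), m[3], int(m[4])
    name = METHODS.get(method, "UNKNOWN")
    if name == "SIMPLE":
        note = "anonymous bind" if dn == "" else "simple bind as requested DN"
    elif name == "SASL":
        note = "DN derived from SASL mechanism (request DN not relevant)"
    else:
        note = "method code not covered here"
    return {"conn": conn, "op": op, "dn": dn, "method": name,
            "ber": ber_tag(method), "note": note}


# The first two lines are the ones quoted in the thread; the rest are constructed.
SAMPLE = '''\
slapd[903]: conn=1021 op=0 BIND dn="" method=128
slapd[903]: conn=1020 op=0 BIND dn="" method=163
slapd[903]: conn=1022 op=0 BIND dn="cn=replicator,dc=example,dc=com" method=128
slapd[903]: conn=1022 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0
'''

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        info = classify(line)
        if info:
            print(info["conn"], info["method"], info["ber"], info["note"])
```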