From yelin@venustech.com.cn Wed Mar 22 19:39:21 2017 From: yelin@venustech.com.cn To: openldap-bugs@openldap.org Subject: Re: Re: (ITS#8546) "allow bind_anon_cred" in slapd.conf does not work as expected Date: Wed, 22 Mar 2017 19:39:19 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6661997424917171569==" --===============6661997424917171569== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit This is a multi-part message in MIME format. ------=_001_NextPart714452840021_=---- Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: base64 SGVsbG8gUXVhbmFoDQpJIGFtIGZpbmUgdG8gY2xvc2UgdGhpcyBJVFMuDQoNCkluIHRoaXMgY2Fz ZSwgSSBvd2UgeW91IGEgJ1RoYW5rcycgZm9yIHJlc29sdmluZyB0aGUgaXNzdWUgaW4gbXkgcHJv amVjdC4NCkJ1dCB0aGUgdXNlciBleHBlcmllbmNlIGlzIHBvb3IuDQpGcm9tIHRoZSBjdXN0b21l cidzIHBvaW50IG9mIHZpZXcsIGl0IGlzIGhhcmQgdG8gZGV0ZXJtaW5lIGEgYnVnIG9yIGEgbWlz dW5kZXJzdGFuZGluZyB3aGVuIHRoZSByZXN1bHQgaXMgdW5leHBlY3RlZC4gDQoNCkJlc3RzLA0K DQoNCg0KDQp5ZWxpbkB2ZW51c3RlY2guY29tLmNuDQogDQpGcm9tOiBRdWFuYWggR2lic29uLU1v dW50DQpEYXRlOiAyMDE3LTAzLTIyIDIzOjI2DQpUbzogeWVsaW47IG9wZW5sZGFwLWl0cw0KU3Vi amVjdDogUmU6IChJVFMjODU0NikgImFsbG93IGJpbmRfYW5vbl9jcmVkIiBpbiBzbGFwZC5jb25m IGRvZXMgbm90IHdvcmsgYXMgZXhwZWN0ZWQNCkhlbGxvIFllbGluLA0KIA0KVGhlIElUUyBzeXN0 ZW0gaXMgZm9yIGZpbGluZyBidWcgcmVwb3J0cywgbm90IGZvciBhc2tpbmcgaGVscCB3aXRoIHNs YXBkIA0KY29uZmlndXJhdGlvbi4gIFRoZSBjb3JyZWN0IHJlc291cmNlIGZvciBjb25maWd1cmF0 aW9uIHF1ZXN0aW9ucyBpcyB0aGUgDQpvcGVubGRhcC10ZWNobmljYWwgbGlzdDoNCiANCjxodHRw Oi8vd3d3Lm9wZW5sZGFwLm9yZy9saXN0cy9tbS9saXN0aW5mby9vcGVubGRhcC10ZWNobmljYWw+ DQogDQogDQpZb3VyIHVuZGVyc3RhbmRpbmcgb2YgaG93IHRoaXMgZmVhdHVyZSB3b3JrcyBpcyBp bmNvcnJlY3QuICBBcyBub3RlZCBpbiB0aGUgDQpzbGFwZC5jb25mKDUpIG1hbiBwYWdlOg0KIA0K YmluZF9hbm9uX2NyZWQgYWxsb3dzIGFub255bW91cyBiaW5kIHdoZW4gY3JlZGVudGlhbHMgYXJl IG5vdCBlbXB0eSAoZS5nLiANCndoZW4gRE4gaXMgZW1wdHkpLg0KIA0KVGhlIG9wdGlvbiB5b3Ug YXJlIGxvb2tpbmcgZm9yIGluIHlvdXIgY2FzZSBpczoNCiANCmJpbmRfYW5vbl9kbiAgYWxsb3dz IHVuYXV0aGVudGljYXRlZCAoYW5vbnltb3VzKSBiaW5kIHdoZW4gRE4gaXMgbm90IGVtcHR5Lg0K IA0KVGhpcyBJVFMgd2lsbCBiZSBjbG9zZWQuDQogDQpSZWdhcmRzLA0KUXVhbmFoDQogDQotLQ0K IA0KUXVhbmFoIEdpYnNvbi1Nb3VudA0KUHJvZHVjdCBBcmNoaXRlY3QNClN5bWFzIENvcnBvcmF0 aW9uDQpQYWNrYWdlZCwgY2VydGlmaWVkLCBhbmQgc3VwcG9ydGVkIExEQVAgc29sdXRpb25zIHBv d2VyZWQgYnkgT3BlbkxEQVA6DQo8aHR0cDovL3d3dy5zeW1hcy5jb20+DQogDQo= ------=_001_NextPart714452840021_=---- Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable =0A

Hello Quanah

I am fine= to close this ITS.

In this case, I owe you = a 'Thanks' for resolving the issue in my project.

But the= user experience is poor.

From the customer's point of view= , it is hard to determine a bug or a misunderstanding when the result is u= nexpected.

Bests,

=0A

=0A

yelin(a)venustech.com.cn

=0A

= From: Quanah Gibson-Mount=
Date: 2017-03-22 23:26
To:&nb= sp;yelin; openldap-its
Subject: = ;Re: (ITS#8546) "allow bind_anon_cred" in slapd.conf does not work as expe= cted
Hello Yelin,
=0A

=0A<= div>The ITS system is for filing bug reports, not for asking help with sla= pd
=0A
configuration. The correct resource for configurati= on questions is the
=0A
openldap-technical list:
=0A
&n= bsp;
=0A
<http://www.openldap.org/lists/mm/listinfo/openldap-t= echnical>
=0A

=0A

=0A
Your und= erstanding of how this feature works is incorrect. As noted in the <= /div>=0A
slapd.conf(5) man page:
=0A

=0A
bind= _anon_cred allows anonymous bind when credentials are not empty (e.g. =0A
when DN is empty).
=0A

=0A
The option y= ou are looking for in your case is:
=0A

=0A
bind_= anon_dn allows unauthenticated (anonymous) bind when DN is not empty= .
=0A

=0A
This ITS will be closed.
=0A
&= nbsp;
=0A
Regards,
=0A
Quanah
=0A

= =0A
--
=0A

=0A
Quanah Gibson-Mount
=0AProduct Architect
=0A
Symas Corporation
=0A
Packaged,= certified, and supported LDAP solutions powered by OpenLDAP:
=0A<http://www.symas.com>
=0A

=0A

=0A ------=_001_NextPart714452840021_=------ --===============6661997424917171569==--