From mrubas@kerio.com Fri Sep 18 16:41:46 2009
From: mrubas@kerio.com
To: openldap-bugs@openldap.org
Subject: Re: (ITS#6296) Strong bind doesn't work in slapd-ldap when used by
	slapd-relay or slapo-translucent
Date: Fri, 18 Sep 2009 16:41:46 +0000
Message-ID: <200909181641.n8IGfkAD092132@boole.openldap.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5703486694991355768=="

--===============5703486694991355768==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is a multi-part message in MIME format.
--------------070504020207040208060908
Content-Type: text/plain; charset=3Dwindows-1252; format=3Dflowed
Content-Transfer-Encoding: 7bit

So far, it seems to be working. Good job, thanks.

It was not easy to get fresh binary because I had to manage compilation=20
with MSVC but that's another issue (ssl3_send_alert() in ITS#1955 &=20
ITS#1954).

Thanks again,
M.

masarati(a)aero.polimi.it wrote:
>> I have to use slapd-ldap in "strong bind" mode which means that user
>> binds using its own credentials and no identity assertion is performed.
>> If slapd-ldap is the only module that is processing request then
>> everything works fine. If slapd-ldap is processing an request forwarded
>> from slapd-relay (with slapo-rwm) or request to database with
>> slapo-translucent then the authentication problem occurs.
>>    =20
> The solution was a little less intrusive than the one you proposed, but
> your analysis was just fine and definitely effective in pointing me to the
> core of the issue.  It should now be fixed in HEAD, please test.
>
> servers/slapd/back-ldap/bind.c
> new revision: 1.255; previous revision: 1.254
>
> Thanks, p.
>  =20

--------------070504020207040208060908
Content-Type: text/html; charset=3Dwindows-1252
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content=3D"text/html;charset=3Dwindows-1252"
 http-equiv=3D"Content-Type">
</head>
<body bgcolor=3D"#ffffff" text=3D"#000000">
So far, it seems to be working. Good job, thanks.<br>
<br>
It was not easy to get fresh binary because I had to manage compilation
with MSVC but that's another issue (ssl3_send_alert() in ITS#1955 &amp;
ITS#1954).<br>
<br>
Thanks again,<br>
M.<br>
<br>
<a class=3D"moz-txt-link-abbreviated" href=3D"mailto:masarati(a)aero.polimi.i=
t">masarati(a)aero.polimi.it</a> wrote:
<blockquote
 cite=3D"mid:38264.93.149.38.238.1253215000.squirrel(a)www.aero.polimi.it"
 type=3D"cite">
  <blockquote type=3D"cite">
    <pre wrap=3D"">I have to use slapd-ldap in "strong bind" mode which means=
 that user
binds using its own credentials and no identity assertion is performed.
If slapd-ldap is the only module that is processing request then
everything works fine. If slapd-ldap is processing an request forwarded
from slapd-relay (with slapo-rwm) or request to database with
slapo-translucent then the authentication problem occurs.
    </pre>
  </blockquote>
  <pre wrap=3D""><!---->The solution was a little less intrusive than the one=
 you proposed, but
your analysis was just fine and definitely effective in pointing me to the
core of the issue.  It should now be fixed in HEAD, please test.

servers/slapd/back-ldap/bind.c
new revision: 1.255; previous revision: 1.254

Thanks, p.
  </pre>
</blockquote>
</body>
</html>

--------------070504020207040208060908--



--===============5703486694991355768==--