https://bugs.openldap.org/show_bug.cgi?id=10165
Issue ID: 10165
Summary: back-meta fails to bind to target when proxying an internal operation
Product: OpenLDAP
Version: 2.6.7
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: backends
Assignee: bugs@openldap.org
Reporter: nivanova@symas.com
Target Milestone: ---
When the target is configured as follows:
idassert-bind bindmethod=sasl saslmech=EXTERNAL authz=proxyauthz flags=override
and an overlay issues an internal operation, back-meta attempts to open a new connection to the target, but the bind fails, so the internal operation cannot be executed.
The target server returns the following error (as logged by back-meta): <unauthenticated bind (DN with no password) disallowed>
Example configuration of the target server:
authz-regexp gidNumber=.*+uidNumber=.*,cn=peercred,cn=external,cn=auth cn=config
logfile ./main.log

database config

database mdb
directory ./main
rootdn cn=config
suffix o=example.com

overlay accesslog
logdb cn=log
logops writes
logsuccess true

database mdb
suffix cn=log
directory ./log
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |2.5.18
           Keywords|needs_review                |
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |IN_PROGRESS
     Ever confirmed|0                           |1
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org ---
https://git.openldap.org/openldap/openldap/-/merge_requests/680
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |TEST
             Status|IN_PROGRESS                 |RESOLVED
--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org ---
head:
• 6cb3063b by Nadezhda Ivanova at 2024-01-31T16:50:45+00:00 ITS#10165 back-meta fails to bind to target when proxying an internal operation
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.6.7                       |2.5.17
         Resolution|TEST                        |FIXED
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
RE26:
• 01e32028 by Nadezhda Ivanova at 2024-02-15T17:51:42+00:00 ITS#10165 back-meta fails to bind to target when proxying an internal operation
RE25:
• 97e2034b by Nadezhda Ivanova at 2024-02-15T17:49:13+00:00 ITS#10165 back-meta fails to bind to target when proxying an internal operation
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |VERIFIED