On Sunday 22 July 2007 03:48, Philip Guenther wrote:
On Fri, 20 Jul 2007, Thierry Lacoste wrote:
What is the difference between dn="" and anonymous?
conn=4069 op=3 BIND dn="" method=128
This is an actual simple bind request (128 == LDAP_AUTH_SIMPLE).
conn=10515 op=4 BIND anonymous mech=implicit ssf=0
When a bind is received, the connection's existing authorization (if any) is cancelled. That log message generated by slapd when a bind is received on a connection that has an existing binding, logging the reversion to anonymous done at the beginning of the bind.
Thanks a lot. It's much clearer now. Indeed the "BIND anonymous" is always done immediately before an actual bind request when the connection has already been used. Furthermore the two binds are always part of the same op.
Does "mech=implicit" mean "done by the server as an internal preparatory step"?
I have been confused by the fact that a bind with an empty dn is termed "anonymous". In the following two consecutive log entries conn=17 op=3 BIND anonymous mech=implicit ssf=0 conn=17 op=3 BIND dn="" method=128 based on your explanations my guess is that the second bind doesn't change authorizations on conn=17. Am I right?
Regards, Thierry.