Hi!
I'm currently testing proxy authorization with the control implementation com.sun.jndi.ldap.ctl.ProxiedAuthorizationControl in Sun's LDAP boost pack for JNDI.
slapd seems to be configured correctly since this command line works:
ldapsearch -x -H "ldap://localhost:1390" -D "uid=proxyuser,ou=proxyauthztests,ou=Testing,dc=stroeder,dc=de" -w testproxy -b "ou=Testing,dc=stroeder,dc=de" -s sub -e !authzid="dn:uid=proxieduser,ou=proxyauthztests,ou=Testing,dc=stroeder,dc=de" "(objectClass=*)"
Now I'm trying to do the same via JNDI (see attached Test2.java). But this results in:
Exception: javax.naming.NamingException: [LDAP: error code 47 - authzId mapping failed]; remaining name 'ou=Testing,dc=stroeder,dc=de'
When starting slapd with debugging (-d args,trace,packets), I get the log I've also attached. Note the extra char before "dn:" in the line starting with "parseProxyAuthz". I extracted the control from Wireshark and even dumpasn1.c did not manage to decode it properly. So I suspect something's wrong with the encoding. Can anybody please confirm this?
Any hint on how to reach Sun's JNDI developers?
Ciao, Michael.
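
An added example (not from the original post or its attachments): a Python check that classifies the controlValue bytes of a proxied authorization control, as extracted from a capture, as either a bare authzId, which is what RFC 4370 specifies, or an authzId wrapped in an extra BER OCTET STRING, which would put extra bytes before "dn:". That such a wrapper is the cause here is an assumption; the function names and the wrapped sample bytes are constructed.

```python
# Classify the controlValue of a Proxied Authorization control
# (OID 2.16.840.1.113730.3.4.18, RFC 4370). Added example, hypothetical names.

PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"

# authzId taken from the ldapsearch command in the post
AUTHZID = b"dn:uid=proxieduser,ou=proxyauthztests,ou=Testing,dc=stroeder,dc=de"
# Constructed sample: the same authzId inside a BER OCTET STRING (tag 0x04)
WRAPPED = bytes([0x04, len(AUTHZID)]) + AUTHZID


def _is_authzid(raw: bytes) -> bool:
    """RFC 4513 authzId: 'dn:<DN>' or 'u:<userid>'; empty means anonymous."""
    return raw == b"" or raw.startswith((b"dn:", b"u:"))


def _unwrap_octet_string(raw: bytes):
    """Return the content if raw is exactly one BER OCTET STRING, else None."""
    if len(raw) < 2 or raw[0] != 0x04:
        return None
    first = raw[1]
    if first < 0x80:                      # short-form length
        length, offset = first, 2
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or len(raw) < 2 + n:
            return None
        length = int.from_bytes(raw[2:2 + n], "big")
        offset = 2 + n
    content = raw[offset:]
    return content if len(content) == length else None


def classify_control_value(raw: bytes) -> str:
    """Return 'bare-authzid', 'ber-wrapped-authzid' or 'unrecognized'."""
    if _is_authzid(raw):
        return "bare-authzid"
    inner = _unwrap_octet_string(raw)
    if inner is not None and _is_authzid(inner):
        return "ber-wrapped-authzid"
    return "unrecognized"


if __name__ == "__main__":
    for label, value in (("bare", AUTHZID), ("wrapped", WRAPPED)):
        print(label, value[:6].hex(" "), "->", classify_control_value(value))
```
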