Hi folks,
When clients bind with a provider and the provider's loglevel is set to stats, bind events show up frequently in the log. Often, some logged bind events have only a blank dn along with a "method" code. Here are two separate examples:
slapd[903]: conn=1021 op=0 BIND dn="" method=128
slapd[903]: conn=1020 op=0 BIND dn="" method=163
These lines are intended to log a bind request; a second line will indicate the mechanism used and the resulting ssf.
Two questions:
1.) What do these method codes mean? Perhaps there is a list somewhere that explains all possible method codes.
See LDAP_AUTH_* macros in ldap.h; 128 (0x80) means SIMPLE; 163 (0xa3) means SASL.
2.) When a method code is shown, as in the examples above, why is the value for the dn empty?
An empty DN is perfectly legitimate in both bind methods illustrated above. In the case of SIMPLE bind it indicates anonymous; in the case of SASL bind the requested DN is not relevant; the actual DN will be constructed according to the mechanism, and might eventually be mapped according to authz-regexp directives.
p.
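
Added example, not part of the original thread: a small Python parser that decodes the two method codes named above, pairs each bind request with its follow-up line by conn/op, and flags anonymous binds. The log lines are constructed, and the `mech=... ssf=...` layout of the second line and the function name `summarize_binds` are assumptions.

```python
import re

# Method codes named in the reply above (LDAP_AUTH_* macros in ldap.h).
METHODS = {128: "SIMPLE", 163: "SASL"}

# Constructed sample log; the mech=/ssf= line layout is an assumption.
SAMPLE = """\
slapd[903]: conn=1021 op=0 BIND dn="" method=128
slapd[903]: conn=1020 op=0 BIND dn="" method=163
slapd[903]: conn=1020 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" mech=GSSAPI ssf=56
slapd[903]: conn=1022 op=0 BIND dn="cn=app,dc=example,dc=com" method=128
slapd[903]: conn=1022 op=0 BIND dn="cn=app,dc=example,dc=com" mech=SIMPLE ssf=0
"""

LINE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" '
    r'(?:method=(?P<method>\d+)|mech=(?P<mech>\S+) ssf=(?P<ssf>\d+))'
)

def summarize_binds(text):
    """Return {(conn, op): record} merging the request line and the result line."""
    binds = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a BIND line
        key = (int(m["conn"]), int(m["op"]))
        rec = binds.setdefault(key, {"method": None, "requested_dn": None,
                                     "final_dn": None, "mech": None, "ssf": None})
        if m["method"] is not None:
            # First line: the bind request with its numeric method code.
            code = int(m["method"])
            rec["method"] = METHODS.get(code, f"unknown(0x{code:02x})")
            rec["requested_dn"] = m["dn"]
        else:
            # Second line: mechanism, ssf and the DN actually established.
            rec.update(final_dn=m["dn"], mech=m["mech"], ssf=int(m["ssf"]))
    for rec in binds.values():
        # Empty DN is anonymous only for SIMPLE; for SASL it is not relevant.
        rec["anonymous"] = rec["method"] == "SIMPLE" and rec["requested_dn"] == ""
    return binds

if __name__ == "__main__":
    for key, rec in sorted(summarize_binds(SAMPLE).items()):
        print(key, rec)
```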