On Thu, Feb 17, 2011 at 9:09 AM, Andrew Findlay < andrew.findlay@skills-1st.co.uk> wrote:
On Wed, Feb 16, 2011 at 03:29:45PM -0800, Howard Chu wrote:
Similarly I cannot find anything that clearly describes the use of SASL EXTERNAL with ldapi.
Excellent, thanks. That one is remarkably hard to find without a direct pointer. Could you add it to the doc/drafts directory in the source perhaps?
Andrew
Here is the search that Apache is doing. Note that "usuarios" in the search means "users" in portuguese. It doesn't seems even to check if the user really does part of the group defined in the apache config.
Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 fd=21 ACCEPT from IP= 172.16.14.2:34691 (IP=0.0.0.0:389) Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=0 BIND dn="cn=root,dc=dominio,dc=com,dc=br" method=128 Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=0 BIND dn="cn=root,dc=dominio,dc=com,dc=br" mech=SIMPLE ssf=0 Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=0 RESULT tag=97 err=0 text= Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SRCH base="ou=Usuarios,dc=dominio,dc=com,dc=br" scope=2 deref=3 filter="(&(objectClass=*)(uid=lscarneiro))" Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SRCH attr=uid Feb 17 11:11:39 fileserver slapd[2054]: <= bdb_equality_candidates: (uid) not indexed Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 ENTRY dn="uid=lscarneiro,ou=usuarios,dc=dominio,dc=com,dc=br" Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND anonymous mech=implicit ssf=0 Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 BIND dn="uid=lscarneiro,ou=Usuarios,dc=dominio,dc=com,dc=br" method=128 Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=2 RESULT tag=97 err=49 text= Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 op=3 UNBIND Feb 17 11:11:39 fileserver slapd[2054]: conn=1014 fd=21 closed