Hello,
Just for information, I’ve found the mechanism in OpenLDAP allowing integrators to do stupid things: overlays.
Apple has created a customer overlay for their own services and has recently added a hardcoded value for a specific request with specific attributes.
http://www.opensource.apple.com/source/OpenLDAP/OpenLDAP-499.27/OpenLDAP/ser...
I didn’t know that an overlay was able to have deep control like that over an LDAP request.
I can’t thank you for this end since no one has ever mentioned that OpenLDAP has an official hooking API on LDAP requests, but here is the solution for my problem and now I know how to fix it on my own, without waiting for a fix from Apple, just patching slapd, changing a condition in the odusers_search function.
Best regards, Yoann
On 02/16/2015 04:20 AM, Yoann Gini wrote:
> Hello,
> Just for information, I’ve found the mechanism in OpenLDAP allowing integrators to do stupid things: overlays.
> Apple has created a customer overlay for their own services and has recently added a hardcoded value for a specific request with specific attributes.
> http://www.opensource.apple.com/source/OpenLDAP/OpenLDAP-499.27/OpenLDAP/ser...
> I didn’t know that an overlay was able to have deep control like that over an LDAP request.
> I can’t thank you for this end since no one has ever mentioned that OpenLDAP has an official hooking API on LDAP requests, but here is the solution for my problem and now I know how to fix it on my own, without waiting for a fix from Apple, just patching slapd, changing a condition in the odusers_search function.
> Best regards, Yoann
Excellent Yoann! Thank you for passing that information back. It could help future users of the Apple version of OpenLDAP.
Best Regards,
Yoann Gini wrote:
> Hello,
> Just for information, I’ve found the mechanism in OpenLDAP allowing integrators to do stupid things: overlays.
Congratulations, moron.
> Apple has created a customer overlay for their own services and has recently added a hardcoded value for a specific request with specific attributes.
Which is exactly what I told you before. http://www.openldap.org/lists/openldap-technical/201502/msg00072.html
Moron.
> http://www.opensource.apple.com/source/OpenLDAP/OpenLDAP-499.27/OpenLDAP/ser...
> I didn’t know that an overlay was able to have deep control like that over an LDAP request.
> I can’t thank you for this end since no one has ever mentioned that OpenLDAP has an official hooking API on LDAP requests, but here is the solution for my problem and now I know how to fix it on my own, without waiting for a fix from Apple, just patching slapd, changing a condition in the odusers_search function.
> Best regards, Yoann
Emmanuel Seyman wrote:
> - Yoann Gini [16/02/2015 11:20] :
>> I didn’t know that an overlay was able to have deep control like that over an LDAP request.
> It was my understanding that you can basically do anything with an LDAP request in the context of an overlay.
Especially it sounds strange that Yoann, who claims to be a professional knowledge worker, overlooked the chapter on overlays in the Admin Guide [1] and blames others for holding back their knowledge.
Ciao, Michael.