[Fedora-directory-devel] Please review (revised): LDAPI+AUTOBIND
Noriko Hosoi
nhosoi at redhat.com
Wed May 21 16:14:00 UTC 2008
Andrey,
Thank you for pointing it out. If multiple entries are found, the
MapToEntries is considered failed. And it falls through to the next step:
checking whether the client user is a super user or not. If it's not,
it's going to be an anonymous bind. I'm updating the memo.
Thanks!
--noriko
Andrey Ivanov wrote:
> Hi,
>
>
> On the page of ldapi/auto-bind I have found the following paragraph:
>
> If "nsslapd-ldapimaptoentries" value is "on", the uid and gid are
> searched with the filter "(&(uidNumber=<uid>)(gidNumber=<gid>))" under
> the search base "nsslapd-ldapientrysearchbase". Once a matched entry
> is found, the client is authenticated as the entry. The uidNumber and
> gidNumber attribute name are configurable with
> "nsslapd-ldapiuidnumbertype" and "nsslapd-ldapigidnumbertype",
> respectively. Password is not necessary in the authentication.
>
>
>
> What happens if there are several entries corresponding to the
> above-mentioned filter? Is the bind refused, or is there a random bind?
> Or will it make an anonymous bind? I think this question should be
> clearly defined (as it is defined in PKI external authentication
> with FDS).
>
>
>
>
> Andrey Ivanov
>
> Direction des Systemes d'Information
> Ecole Polytechnique
> 91128 Palaiseau CEDEX
> France
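The fall-through order discussed in this thread, as an added example that is not part of either message and is not the server's code. It assumes that zero matches fail the mapping just like multiple matches, that "super user" means peer uid 0, and that such a peer maps to the placeholder `ROOT_DN`; the entries are constructed sample data.

```python
# Added example: models the autobind decision order discussed in this thread.
ROOT_DN = "cn=root-placeholder"  # assumption: DN a superuser peer is mapped to
ANONYMOUS = ""                   # an empty bind DN stands for an anonymous bind

# Constructed sample entries; some uidNumber/gidNumber pairs repeat on purpose.
ENTRIES = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com",
     "uidNumber": "1000", "gidNumber": "1000"},
    {"dn": "uid=alice,ou=archive,dc=example,dc=com",
     "uidNumber": "1000", "gidNumber": "1000"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com",
     "uidNumber": "1001", "gidNumber": "1001"},
    {"dn": "uid=svc-bob,ou=people,dc=example,dc=com",
     "uidNumber": "1001", "gidNumber": "1001"},
]


def map_to_entry(entries, uid, gid, search_base,
                 uid_attr="uidNumber", gid_attr="gidNumber"):
    """Return the DN of the only entry under search_base matching uid and gid.

    Returns None when the mapping fails: several matches (as stated in the
    thread) or no match (assumption made for this example).
    """
    suffix = "," + search_base.lower()
    matches = [e["dn"] for e in entries
               if e["dn"].lower().endswith(suffix)
               and e.get(uid_attr) == str(uid)
               and e.get(gid_attr) == str(gid)]
    return matches[0] if len(matches) == 1 else None


def autobind(entries, peer_uid, peer_gid, map_to_entries, search_base):
    """Decide the bind identity for a peer connected over the LDAPI socket."""
    if map_to_entries:  # models nsslapd-ldapimaptoentries: on
        dn = map_to_entry(entries, peer_uid, peer_gid, search_base)
        if dn is not None:
            return dn          # authenticated as the single matched entry
    if peer_uid == 0:          # assumption: superuser check means uid 0
        return ROOT_DN
    return ANONYMOUS           # ambiguous or unmapped non-root peer
```

With the search base widened to `dc=example,dc=com`, uid/gid 1000/1000 matches two entries and the same peer ends up anonymous, which is why a narrow `nsslapd-ldapientrysearchbase` and unique uidNumber/gidNumber pairs matter.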