[389-users] Chaining and LDAP_UNWILLING_TO_PERFORM problem
Rich Megginson
rmeggins at redhat.com
Wed Jul 29 23:36:15 UTC 2009
Roberto Polli wrote:
> On Thursday 30 July 2009 01:15:00 Rich Megginson wrote:
>
>>> but..is it right that in aclplugin.c the function
>>> acl_get_proxyauth_dn( pb, &proxy_dn, &errtext )
>>> returns proxy_dn = "" ?
>>>
>> It is if there is no proxy auth control being sent.
>>
> but tcpdump states it's sent...
>
Without walking through the server with the debugger, it's going to be
difficult to tell what's going on. The function acl_get_proxyauth_dn()
is pretty straightforward - look at the request controls, see if version
1 or version 2 of the proxy auth control was sent, if so, grab the DN
from the control value. There is no obvious place in the code where
acl_get_proxyauth_dn() would be called conditionally (that is, not
called due to some condition). So I'm at a loss to explain how
acl_get_proxyauth_dn() could be called at all, with a valid proxy auth
control containing a non-empty DN value, and return a NULL or empty DN.
> Peace,
> R.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090729/0df50d23/attachment.bin>
More information about the Fedora-directory-users
mailing list