directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DIRSERVER-1548) LdapSession must be set to anonymous state after failed simple authentication attempt
Date Tue, 14 Sep 2010 14:08:33 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1548?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Emmanuel Lecharny updated DIRSERVER-1548:
-----------------------------------------

    Fix Version/s: 2.0.0-RC1

This is a really bad issue. Must be fixed asap.

> LdapSession must be set to anonymous state after failed simple authentication attempt
> -------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1548
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1548
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: 1.5.7
>            Reporter: Victor Antonovich
>             Fix For: 2.0.0-RC1
>
>         Attachments: BindFailToAnonymousLdapSession.patch
>
>
> At this moment, failed simple authentication attempt lead to unusable LdapSession, because
any subsequent bind attempt with supplied valid credentials in this LdapSession will fail
with error "ERR_732 Cannot process a Request while binding". It's because BindHandler doesn't
reset LdapSession to anonymous state after bind request failure. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message