Return-Path: 
 <users-return-1577-apmail-directory-users-archive=directory.apache.org@directory.apache.org>
Delivered-To: apmail-directory-users-archive@www.apache.org
Received: (qmail 54842 invoked from network); 2 Jul 2008 01:36:47 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 2 Jul 2008 01:36:47 -0000
Received: (qmail 56170 invoked by uid 500); 2 Jul 2008 01:36:48 -0000
Delivered-To: apmail-directory-users-archive@directory.apache.org
Received: (qmail 56132 invoked by uid 500); 2 Jul 2008 01:36:48 -0000
Mailing-List: contact users-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@directory.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@directory.apache.org>
List-Post: <mailto:users@directory.apache.org>
List-Id: <users.directory.apache.org>
Reply-To: users@directory.apache.org
Delivered-To: mailing list users@directory.apache.org
Received: (qmail 56120 invoked by uid 99); 2 Jul 2008 01:36:48 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 Jul 2008 18:36:48 -0700
X-ASF-Spam-Status: No, hits=2.0 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of akarasulu@gmail.com
 designates 209.85.198.224 as permitted sender)
Received: from [209.85.198.224] (HELO rv-out-0506.google.com) (209.85.198.224)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Jul 2008 01:35:56 +0000
Received: by rv-out-0506.google.com with SMTP id g37so160016rvb.25
        for <users@directory.apache.org>;
 Tue, 01 Jul 2008 18:36:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:sender
         :to:subject:in-reply-to:mime-version:content-type:references
         :x-google-sender-auth;
        bh=+1oM71nj/Eos/2Q1e4XwwS8n+xU7x1i6WCtu4ss01vk=;
        b=W4JZQ8MkwWPGd5ZGEr4sQBxhgk8MMslkheSjhKL9/Lu242HK40avKFe26GAO5Vu9dL
         zmXPkIITWVoxnnhcUWuXufNI02OuaHC6pnoFw2wP9BWaFoC1Vm+RQN1+1z6ovDSF3g9O
         Y03uXLFUIx6tPMGPkht4sHzmfXWe09I1+1qeU=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:sender:to:subject:in-reply-to:mime-version
         :content-type:references:x-google-sender-auth;
        b=FRVk8SHCUYR+EXbZa80PJBU4tyAn63f1sRaRh5QwHM8Frt7sIL7Vy1AB6guOv2siLe
         zCSW/TwrdUCtl6mCFGuJGwlfuug6sRIrEmw170ptrSq0zLPG9opwl8qcnLenDB1LB2io
         4cLshdB4PQ7bbxgmiziV6pUkl1hW9oEtuTQVA=
Received: by 10.141.20.7 with SMTP id x7mr4034493rvi.183.1214962577106;
        Tue, 01 Jul 2008 18:36:17 -0700 (PDT)
Received: by 10.140.178.6 with HTTP; Tue, 1 Jul 2008 18:36:16 -0700 (PDT)
Message-ID: <a32f6b020807011836x2b992b4dh1f3cbbe713ac6c6@mail.gmail.com>
Date: Tue, 1 Jul 2008 21:36:16 -0400
From: "Alex Karasulu" <akarasulu@apache.org>
Sender: akarasulu@gmail.com
To: users@directory.apache.org, elecharny@apache.org
Subject: Re: Anon Bind
In-Reply-To: <48662538.7070201@apache.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_4296_6682524.1214962577099"
References: <005801c8d89e$e40033b0$0300000a@jamie>
	 <48662538.7070201@apache.org>
X-Google-Sender-Auth: d968ffd64a354871
X-Virus-Checked: Checked by ClamAV on apache.org

------=_Part_4296_6682524.1214962577099
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

In 1.5.4 we will rework the bind mechanism completely, thereby simplifying
the configuration so it's more intuitive.

Alex

On Sat, Jun 28, 2008 at 7:49 AM, Emmanuel Lecharny <elecharny@apache.org>
wrote:

> John Hughes wrote:
>
>> Using 1.5.2 it appears I can do an anonymous bind to the directory -yet
>> the
>> allowAnonymousAccess property is set to false
>>
>>
> There are three places where the allowAnonymousAccess flag should be set =
in
> the server.xml file :
> - defaultDirectoryService
> - ldapServer
> - apacheDS
>
> Obviously, this is a little bit overkilling :)
>
> We should fix that...
>
>>
>> Although when I try and do a search I do then get an access violation.
>>
>>
> Being able to bind as anonymous and being able to fetch an entry out of t=
he
> server are two different things. In fact, you can even do a search on the
> server without being forced to send a BindRequest (the rootDSE is searcha=
ble
> with an anonymous authorization). Now, if the Anonymous access is forbidd=
en,
> you will get an access violation when earching the server, except when
> looing for the rootDSE attributes.
>
>>
>> Is this supposed to happen?
>>
>>
> Basically, yes. I have to double check about the anonymous Bind, but as w=
e
> are currently working on this part of the server, this will be figured ou=
t
> soon.
>
> Thanks !
>
> --
> --
> cordialement, regards,
> Emmanuel L=E9charny
> www.iktek.com
> directory.apache.org
>
>
>

------=_Part_4296_6682524.1214962577099--