httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "drotiro@tiscali.it" <drot...@tiscali.it>
Subject Re: [PATCH 48340] Binding as user in mod_authnz_ldap
Date Mon, 07 Dec 2009 14:31:03 GMT
> What userid/password is used to retrieve  the DN from the uid/cn?

Retrieving DN is done in the first phase, called 'search/bind' in 
mod_authnz_ldap's documentation.
If AuthLDAPBindDN is not configured, then an anonymous bind is used 
this time.
This makes sense to me, because this time we are performing a 
'search' operation and later a 'compare', and the server can be 
stricter with permissions on compare (and that's my case)

> Normally this is the search with the hard-coded AuthLDAPBindDN. 

Looking at the module's code, it seems that AuthLDAPBindDN - if 
configured - is used twice:
 - one in the authentication phase, for the search operation
 - and one in the authorization phase, for the compare operation
My patch only deals with the second one

Domenico



We Love Megapixel ! Fino al 40% di sconto per le stampe formato 13x17/19. 0,12 € cad. per
quantità maggiori di 60 fotohttp://photo.tiscali.it

Mime
View raw message