Hi,
this patch adds a rebind proc which uses the same credentials used for
the primary server to authenticate to the second server when doing
referral chasing.
There are two important things to keep in mind:
- as already mentioned we use the same credentials for both connections,
i.e. if TLS is used on the first connection, it will be used on the
second too. If GSSAPI is used for the first server it will be used for
the second server with the same realm/KDC/keytab settings. If we want
different credentials and authentication schemes for different servers
we should address this in a separate patch.
- everything is synchronous, let me repeat: synchronous. From 'man
ldap_set_rebind_proc': "The rebind function must use a synchronous
bind method."
I have tested this patch against an OpenLDAP server with GSSAPI and
simple bind with and without TLS.
This patch should fix ticket #495.
bye,
Sumit