[Fedora-directory-devel] Please review (revised): LDAPI+AUTOBIND
Andrey Ivanov
Andrey.Ivanov at polytechnique.fr
Wed May 21 13:37:24 UTC 2008
Hi,
On the page of ldapi/auto-bind I have found the following paragraph :
If "nsslapd-ldapimaptoentries" value is "on", the uid and gid are
searched with the filter "(&(uidNumber=<uid>)(gidNumber=<gid>)" under
the search base "nsslapd-ldapientrysearchbase". Once a matched entry
is found, the client is authenticated as the entry. The uidNumber and
gidNumber attribute name are configurable with
"nsslapd-ldapiuidnumbertype" and "nsslapd-ldapigidnumbertype",
respectively. Password is not necessary in the authentication.
What happens if there are serveral entries corresponding to the
abovementioned filter? The bind is refused or there is a random bind?
Or it will make an anynymous bind? I think this question should be
clearly defined (as it is defined in PKI external authentification
avec FDS).
Andrey Ivanov
Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France
More information about the 389-devel
mailing list