[389-users] Chaining and LDAP_UNWILLING_TO_PERFORM problem

[Roberto Polli]

On Thursday 30 July 2009 01:36:15 Rich Megginson wrote:
> Roberto Polli wrote:
> > On Thursday 30 July 2009 01:15:00 Rich Megginson wrote:
> >>> but..is it right that in aclplugin.c the function
> >>> acl_get_proxyauth_dn( pb, &proxy_dn, &errtext )
> >>> returns proxy_dn = "" ?
> >>
> >> It is if there is no proxy auth control being sent.
> >
> > but tcpdump states it's sent...
>
> Without walking through the server with the debugger, it's going to be
> difficult to tell what's going on.
it's the whole day I'm trying that way ;) hope to discover something.. I 
should set thread to 1 to use gdb against slapd

> The function acl_get_proxyauth_dn()
> is pretty straightforward - look at the request controls, see if version
> 1 or version 2 of the proxy auth control was sent,
ok

> if so, grab the DN
> from the control value.  There is no obvious place in the code where
> acl_get_proxyauth_dn() would be called conditionally (that is, not
> called due to some condition). 
ok

> So I'm at a loss to explain how
> acl_get_proxyauth_dn() could be called at all, with a valid proxy auth
> control containing a non-empty DN value, and return a NULL or empty DN.
Thats a nice answer :P I'll continue to play with it..just hope not to be 
silly enough to have some mistake in configs.
Maybe it's worth an rpm -U of the server...

Rich, thank you very much for all your prompt replies. I'll let you know.
Thanks again + Peace,
R.
-- 

Roberto Polli
Babel S.r.l. - http://www.babel.it
Tel. +39.06.91801075 - fax +39.06.91612446
Tel. cel +39.340.6522736
P.zza S.Benedetto da Norcia, 33 - 00040 Pomezia (Roma)

"Il seguente messaggio contiene informazioni riservate. Qualora questo 
messaggio fosse da Voi ricevuto per errore, Vogliate cortesemente darcene 
notizia a mezzo e-mail. Vi sollecitiamo altresì a distruggere il messaggio 
erroneamente ricevuto. Quanto precede Vi viene chiesto ai fini del rispetto 
della legge in materia di protezione dei dati personali."