
List:       openldap-bugs
Subject:    [Issue 10165] New: back-meta fails to bind to target when proxying an internal operation
From:       openldap-its () openldap ! org
Date:       2024-01-31 11:26:52
Message-ID: bug-10165-2 () http ! bugs ! openldap ! org/

https://bugs.openldap.org/show_bug.cgi?id=10165

          Issue ID: 10165
           Summary: back-meta fails to bind to target when proxying an
                    internal operation
           Product: OpenLDAP
           Version: 2.6.7
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: backends
          Assignee: bugs@openldap.org
          Reporter: nivanova@symas.com
  Target Milestone: ---

When the target is configured as follows:

idassert-bind bindmethod=sasl saslmech=EXTERNAL authz=proxyauthz flags=override

and an overlay issues an internal operation, back-meta attempts to open a new
connection to the target, but the bind fails, so the internal operation cannot
be executed.

The target server returns the following error (as logged by back-meta):
<unauthenticated bind (DN with no password) disallowed>

Example configuration of the target server:

authz-regexp gidNumber=.*\+uidNumber=.*,cn=peercred,cn=external,cn=auth cn=config

logfile ./main.log

database config

database mdb
directory ./main
rootdn cn=config
suffix o=example.com

overlay accesslog
logdb cn=log
logops writes
logsuccess true


database mdb
suffix cn=log
directory ./log
