Bug 436388
| Summary: | LDAPI: introduce --enable-autobind to support AUTOBIND | | |
|---|---|---|---|
| Product: | [Retired] 389 | Reporter: | Noriko Hosoi <nhosoi> |
| Component: | Directory Server | Assignee: | Noriko Hosoi <nhosoi> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 1.1.0 | CC: | benl, jgalipea |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | 8.1 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2009-04-29 23:02:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 249650, 493682 | | |
| Attachments: | | | |
Description
Noriko Hosoi
2008-03-06 21:59:49 UTC
autoconf gets uid # and gid # from the LDAPI UNIX socket and retrieves the matched entry from the backend to bind the server.

For example, assume these are my uid # and gid # on the test system:
$ id
uid=12345(nhosoi) gid=12345(nhosoi)

Add this posix account to the server:
dn: uid=nhosoi, dc=example,dc=com
objectclass: top
objectclass: posixAccount
cn: noriko hosoi
uid: nhosoi
uidNumber: 12345
gidNumber: 12345
homeDirectory: /home/nhosoi
loginShell: bash
userPassword: nhosoi

Then, run the search against LDAPI UNIX socket without the bind user. Autobind internally searches an entry with the filter (&(uidNumber=12345)(gidNumber=12345)) and binds using the found entry.
$ ldapsearch -H ldapi://%2fvar%2frun%2fslapd-laputa.socket/ -w nhosoi -Y DIGEST-MD5 -b "dc=usersys,dc=redhat,dc=com" "(cn=*)"
SASL/DIGEST-MD5 authentication started
SASL username: nhosoi
SASL SSF: 128
SASL installing layers
[...]

Tested on RHEL4.

To use autobind, ldapi, autobind, and maptoentries need to be turned on.
nsslapd-ldapifilepath: /var/run/slapd-laputa.socket
nsslapd-ldapilisten: on
nsslapd-ldapiautobind: on
nsslapd-ldapimaprootdn: cn=Directory Manager
nsslapd-ldapimaptoentries: on
nsslapd-ldapiuidnumbertype: uidNumber
nsslapd-ldapigidnumbertype: gidNumber
nsslapd-ldapientrysearchbase: dc=example,dc=com
nsslapd-ldapiautodnsuffix: cn=peercred,cn=external,cn=auth

(*correction*) in the sample in the comment #1, "dc=usersys, dc=redhat,dc=com" should be replaced with "dc=example,dc=com"

Created attachment 298099 [details]
cvs diff configure.ac Makefile.am
Created attachment 304990 [details]
cvs diff configure.ac Makefile.am
Files:
ldapserver/configure.ac
ldapserver/Makefile.am
Description: introduced --enable-autobind
By default, autobind is off.
Created attachment 305718 [details]
cvs commit message
Reviewed and commented by Rich, Andrew, and Howard (Thank you!!)
Checked into CVS HEAD.
Created attachment 313763 [details]
cvs diff configure.ac
Problem description: AUTO-BIND was accidentally turned on.
These 2 are the only ldapi related attributes allowed in dse.ldif
nsslapd-ldapifilepath: /var/run/slapd-test.socket
nsslapd-ldapilisten: off
(In reply to comment #7)
> Created an attachment (id=313763) [details]
> cvs diff configure.ac
>
> Problem description: AUTO-BIND was accidentally turned on.
>
> These 2 are the only ldapi related attributes allowed in dse.ldif
> nsslapd-ldapifilepath: /var/run/slapd-test.socket
> nsslapd-ldapilisten: off

It was not true. AUTO-BIND was not on. Changing the status back to MODIFIED.

ldapiautobind is available for DS81 and is off by default.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-0455.html