[Auth_ldap] auth_ldap 1.6.0: When reusing a connection, it didn't rebind as system DN

Justin Liebler jl at zoominternet.net
Thu Jun 6 12:02:48 PDT 2002


Chris,

Check out this link.
http://www.rudedog.org/pipermail/auth_ldap/2001-December/007733.html  Your
problem sounds similar to one that I ran into and this fix worked for me.

Justin

----- Original Message -----
From: "Chris Poon" <Chris.Poon at telus.com>
To: <auth_ldap at rudedog.org>
Sent: Thursday, June 06, 2002 12:22 PM
Subject: [Auth_ldap] auth_ldap 1.6.0: When reusing a connection, it didn't rebind as system DN


> Note: I'm not currently on the mailing list, so please CC me regarding
> this problem. Also, I haven't browsed through the whole archive (only checked
> out the last 3 months) to see if there was a solution for this problem,
> but here it goes:
>
> Setup:
> An iPlanet LDAP server (consumer) with anonymous search disallowed.
> A web server running Apache 1.3.12 on Solaris 8.
>
> Problem:
> When the authentication fails, the Apache logs show that auth_ldap found
> 0 entries. Further digging in the LDAP access logs shows that auth_ldap
> didn't rebind as the system DN before re-using an existing connection
> for a new authentication. I tried to patch the source code to no avail. Here
> is my latest patch in an attempt to force a re-bind for every authentication.
> (There are some other changes that I have made here, but mainly the
> change intended was commenting out the section that resets the boundas
> variable to bind_system. I might consider forcing the boundas variable to
> bind_none if this still causes problems.)
>
> diff -ubw auth_ldap-1.6.0/auth_ldap.c.ldapbind auth_ldap-1.6.0/auth_ldap.c
> --- auth_ldap-1.6.0/auth_ldap.c.ldapbind Wed Jul  4 08:38:03 2001
> +++ auth_ldap-1.6.0/auth_ldap.c Thu Jun  6 09:57:56 2002
> @@ -331,10 +331,15 @@
>       */
>      if ((sec->binddn && !l->bounddn) ||
>   (!sec->binddn && l->bounddn) ||
> - (sec->binddn && l->bounddn && strcmp(sec->binddn, l->bounddn) != 0))
> + (sec->binddn && l->bounddn &&
> + strcmp(sec->binddn, l->bounddn) != 0) && sec->bindas != l->boundas)
> {
>        l->boundas = bind_none;
> -    else
> -      l->boundas = bind_system;
> +      if (l->bounddn) {
> + free(l->bounddn);
> + l->bounddn = NULL;
> +      }
> +    } /* else
> +      l->boundas = bind_system; */
>    } else {
>      /*
>         Create a new connection entry in the linked list. Note that we
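Review bot: the rewritten condition reads `A || B || (C) && sec->bindas != l->boundas`, and because `&&` binds tighter than `||` the added `sec->bindas != l->boundas` test only narrows the third (DN-mismatch) clause, so the connection is reset to `bind_none` in fewer cases than before, which is the opposite of the stated aim of forcing a rebind on every authentication. The part of this hunk that actually addresses the report is dropping the `else l->boundas = bind_system;` branch: a matching configured bind DN is no proof that the socket is still bound as the system DN once a user bind has run on it, so the cached state must not be reset to `bind_system` on reuse. Either drop the extra `&&` term or parenthesize the whole `||` expression so the intent is explicit. Also, `free(l->bounddn)` is only correct if `bounddn` is always allocated with malloc/strdup; if the module fills it from an Apache pool elsewhere (ap_pstrdup), calling free() on it will corrupt the pool, so the allocation discipline for `bounddn` needs to be consistent across the file.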
> @@ -653,6 +658,7 @@
>     */
>    ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
>   "{%d} LDAP OP: simple bind", (int)getpid());
> +  sec->ldc->bounddn = strdup(sec->dn);
>    sec->ldc->boundas = bind_user;
>    if ((result =
>         ldap_simple_bind_s(sec->ldc->ldap, sec->dn, const_cast(sent_pw)))
==
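Review bot: `sec->ldc->bounddn = strdup(sec->dn);` overwrites the previous pointer without freeing it, so every user bind on a reused connection leaks the prior `bounddn` (the free() in the earlier hunk only runs on the DN-mismatch path, after this assignment has already replaced the pointer); free the old value first and check strdup for NULL, since a NULL `bounddn` would later be read as "no DN bound". Recording the user DN here is the right idea, as it is what makes the next `strcmp(sec->binddn, l->bounddn)` see the mismatch and rebind as the system DN. Note also that the `==` closing the `ldap_simple_bind_s` comparison has been split onto its own line without the `>` quote marker, so the patch as posted will not apply cleanly.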
>
>
> Chris Poon
> Network Security and Server Infrastructure
> TELUS Technology & Operations
> _______________________________________________
> Auth_ldap mailing list
> Auth_ldap at rudedog.org
> http://www.rudedog.org/mailman/listinfo/auth_ldap
>
>
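Added example (not code from the thread or from auth_ldap itself): a small C model of the cached-connection bind state the report describes. The DNs, the `cached_conn` layout and the `fake_bind`/`fake_search` stand-ins for the LDAP client calls are constructed for illustration; the `fixed` switch records the DN actually bound on the socket after a user bind, which is what Chris's patch is reaching for. Running two logins through one cached connection shows the second lookup returning 0 entries under the original logic and succeeding once the real bind identity is tracked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a toy model of a cached LDAP connection and the
 * authenticate-by-search-then-bind flow. Not auth_ldap's own code. */

typedef enum { BIND_NONE, BIND_SYSTEM, BIND_USER } bind_state;

typedef struct {
    /* what the module believes about the cached connection */
    bind_state boundas;
    char bounddn[128];
    /* what the directory server actually sees on this socket */
    char wire_dn[128];
    int bind_ops;
} cached_conn;

/* Constructed system DN used for the user lookup (hypothetical). */
static const char *SYSTEM_DN = "cn=websearch,ou=system,dc=example,dc=com";

/* Stand-in for ldap_simple_bind_s(): after this the server sees `dn`. */
static void fake_bind(cached_conn *c, const char *dn) {
    snprintf(c->wire_dn, sizeof c->wire_dn, "%s", dn);
    c->bind_ops++;
}

/* Stand-in for the user lookup. Anonymous search is disallowed and an
 * ordinary user cannot read other entries, so only a connection bound as
 * the system DN finds anything: the "found 0 entries" symptom. */
static int fake_search(const cached_conn *c) {
    return strcmp(c->wire_dn, SYSTEM_DN) == 0 ? 1 : 0;
}

/* Connection-reuse check. With fixed == 0 it mimics the behaviour in the
 * report: a matching configured bind DN is taken as proof that the socket
 * is still bound as the system DN. With fixed == 1 the recorded state is
 * left alone, so a prior user bind still forces a system rebind. */
static void reuse_connection(cached_conn *c, int fixed) {
    if (strcmp(c->bounddn, SYSTEM_DN) == 0) {
        if (!fixed)
            c->boundas = BIND_SYSTEM;   /* assumption, never verified */
    } else {
        c->boundas = BIND_NONE;          /* DN changed: force a rebind */
    }
}

/* One authentication: find the user as the system DN, then bind as the
 * user to verify the password. Returns 1 on success, 0 on failure. */
static int authenticate(cached_conn *c, const char *user_dn, int fixed) {
    reuse_connection(c, fixed);
    if (c->boundas != BIND_SYSTEM) {
        fake_bind(c, SYSTEM_DN);
        c->boundas = BIND_SYSTEM;
        snprintf(c->bounddn, sizeof c->bounddn, "%s", SYSTEM_DN);
    }
    if (fake_search(c) == 0)
        return 0;                        /* "auth_ldap found 0 entries" */
    fake_bind(c, user_dn);               /* password check: bind as user */
    c->boundas = BIND_USER;
    if (fixed)                           /* record who is REALLY bound now */
        snprintf(c->bounddn, sizeof c->bounddn, "%s", user_dn);
    return 1;
}

/* Two logins in a row through one cached connection. Returns how many
 * succeeded: 1 with the original logic (the second lookup runs on a socket
 * still bound as the first user), 2 once the bind identity is tracked. */
static int run_sequence(int fixed) {
    cached_conn c = { BIND_NONE, "", "", 0 };
    int ok = 0;
    ok += authenticate(&c, "uid=alice,ou=people,dc=example,dc=com", fixed);
    ok += authenticate(&c, "uid=bob,ou=people,dc=example,dc=com", fixed);
    return ok;
}

int main(void) {
    printf("original logic:     %d of 2 logins succeeded\n", run_sequence(0));
    printf("tracked bind state: %d of 2 logins succeeded\n", run_sequence(1));
    return 0;
}
```

The point the model makes is the one behind the patch: the cache must record the identity the socket is actually bound as, and the decision to rebind must be driven by that record rather than by whether the configured bind DN happens to match.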