Andrey,

Thank you for pointing it out. If multiple entries are found, the MapToEntries is considered failed. And it falls through to the next step: checking whether the client user is a super user or not. If it's not, it's going to be an anonymous bind. I'm updating the memo.

Thanks!
--noriko

Andrey Ivanov wrote:
Hi,

On the page of ldapi/auto-bind I have found the following paragraph:

If "nsslapd-ldapimaptoentries" value is "on", the uid and gid are searched with the filter "(&(uidNumber=<uid>)(gidNumber=<gid>))" under the search base "nsslapd-ldapientrysearchbase". Once a matched entry is found, the client is authenticated as the entry. The uidNumber and gidNumber attribute name are configurable with "nsslapd-ldapiuidnumbertype" and "nsslapd-ldapigidnumbertype", respectively. Password is not necessary in the authentication.

What happens if there are several entries corresponding to the above-mentioned filter? The bind is refused or there is a random bind? Or it will make an anonymous bind? I think this question should be clearly defined (as it is defined in PKI external authentication with FDS).

Andrey Ivanov
Direction des Systemes d'Information
Ecole Polytechnique
91128 Palaiseau CEDEX
France

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
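An added example, not part of the original thread or the project's code: a Python model of the fall-through order described above, plus an audit that lists uidNumber/gidNumber pairs shared by more than one entry, since those accounts silently end up with an anonymous bind. The function names, the `is_superuser` flag and the sample entries are hypothetical; treating zero matches like multiple matches (mapping failed) is an assumption.

```python
from collections import defaultdict

# Constructed sample entries (not from the thread), e.g. parsed from an LDIF export
# of the subtree configured as nsslapd-ldapientrysearchbase.
SAMPLE_ENTRIES = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "uidNumber": "1001", "gidNumber": "1001"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "uidNumber": "1002", "gidNumber": "100"},
    {"dn": "uid=bob-old,ou=people,dc=example,dc=com", "uidNumber": "1002", "gidNumber": "100"},
]


def index_by_ids(entries, uid_attr="uidNumber", gid_attr="gidNumber"):
    """Group entry DNs by (uid, gid). Attribute names are compared
    case-insensitively, as LDAP attribute types are."""
    uid_attr, gid_attr = uid_attr.lower(), gid_attr.lower()
    index = defaultdict(list)
    for entry in entries:
        attrs = {k.lower(): v for k, v in entry.items()}
        if uid_attr in attrs and gid_attr in attrs:
            index[(attrs[uid_attr], attrs[gid_attr])].append(attrs["dn"])
    return index


def ambiguous_pairs(entries, uid_attr="uidNumber", gid_attr="gidNumber"):
    """Return {(uid, gid): [dn, ...]} for every pair matched by more than one entry."""
    index = index_by_ids(entries, uid_attr, gid_attr)
    return {pair: sorted(dns) for pair, dns in index.items() if len(dns) > 1}


def autobind_outcome(entries, uid, gid, is_superuser=False, map_to_entries=True):
    """Model the order from the thread: entry mapping, super-user check, anonymous."""
    if map_to_entries:
        matches = index_by_ids(entries).get((str(uid), str(gid)), [])
        if len(matches) == 1:
            return ("entry", matches[0])
        # Zero (assumed) or multiple matches: mapping failed, fall through.
    if is_superuser:
        return ("superuser", None)
    return ("anonymous", None)


if __name__ == "__main__":
    for pair, dns in ambiguous_pairs(SAMPLE_ENTRIES).items():
        print("ambiguous uid/gid", pair, "->", dns)
    print(autobind_outcome(SAMPLE_ENTRIES, 1002, 100))
```

Running the audit against the real search base before turning "nsslapd-ldapimaptoentries" on shows which local accounts would not map to a single entry.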