Hi Gabor, On Fri, Jun 17, 2011 at 07:53:14AM +0200, Gabor Lekeny wrote: > Dear all, > > The bind operation is quite complex in LDAP: > http://tools.ietf.org/html/rfc4511#section-4.2 > > It could be simple (anonymous or name/password authentication) or SASL. I > only implemented anonymous bind because it is very simple and using other > authentication send data must be encoded in ASN.1 syntax ( > http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One). > > I suggest 2 solutions for the problem: > 1. modifying LDAP server ACLs to allow bind for anonymous (eg. openldap: > http://www.openldap.org/doc/admin24/access-control.html) > 2. changing the HAproxy code to accept resultCode 49: invalidCredentials ( > http://tools.ietf.org/html/rfc4513#section-5.1.3)
Thank you very much for all these details. Christopher, is it possible for you to do #1, or should we try to implement support for #2 ? Regards, Willy
