s/brabs/grabs/

On Fri, Jun 17, 2011 at 12:41 PM, Adam Allred <prozaconsti...@gmail.com> wrote:
> I've been looking into this for a few days now, and I have a few
> questions about the code that aren't directly SASL related, but do
> affect it:
>
> Within the startSASL function in ds_ldap.php, I have modified the code
> to check the SASL mechanism, and call ldap_start_sasl in a different
> way if the mechanism is the GSSAPI. With my LDAP server, the
> translation of a Kerberos principal to a bind DN is done server-side,
> meaning that the ldap_sasl_bind call is done without a bind DN or
> password. All I pass in is the authc_id out of the cache, and
> ldap_sasl_bind brabs the Kerberos principal that I get via Apache auth,
> passes that to the LDAP server, and the LDAP server does the rest.
>
> This works for me. Debug output shows a successful bind, and a query
> for the tree structure for the LDAP server, and all looks well on the
> interface.
>
> But, any subsequent action that requires another LDAP query causes an
> infinite redirect, and the debug output indicates that the
> successfully bound connection is not located in the cache, and it
> tries to build a new connection with an invalid DN of 'user'.
>
> It seems like the application has a dependence on a bind_dn existing,
> and if it doesn't then it starts to behave erratically. I've dug
> through the code trying to find and correct any areas where a bind_dn
> being null leads to undesired behaviour, and have found a few cases in
> the connect function in ds_ldap.php, but the problem still persists.
>
> My question is: Am I correct in my suggestion that not having a
> bind_dn causes bad behavior...and if so, where are these checks
> implemented, or where are there assumptions that a bind_dn exists? Is
> the bind_dn used as a key for pulling a bound LDAP resource out of the
> cache (and where in the code is that, because I cannot locate it)?
>
> Adam
>
>
> On Tue, Jun 14, 2011 at 12:02 AM, Deon George
> <wur...@users.sourceforge.net> wrote:
>> In PLA 1.2.x, there is code for SASL connections, however the code wasn't
>> written by me.
>>
>> As I don't have an SASL environment, it hasn't been tested or bug fixed
>> (if it doesn't work).
>>
>> I'll gladly accept patches to fix it up if it's not working.
>>
>> ...deon
>>
>> _______________________________________________
>> phpldapadmin-users mailing list
>> phpldapadmin-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users