s/brabs/grabs/

On Fri, Jun 17, 2011 at 12:41 PM, Adam Allred <prozaconsti...@gmail.com> wrote:
> I've been looking into this for a few days now, and I have a few
> questions about the code that aren't directly SASL related, but do
> affect it:
>
> Within the startSASL function in ds_ldap.php, I have modified the code
> to check the SASL mechanism, and call ldap_start_sasl in a different
> way if the mechanism is the GSSAPI. With my LDAP server, the
> translation of a Kerberos principal to a bind DN is done server-side,
> meaning that the ldap_sasl_bind call is done without a bind DN or
> password. All I pass in is the authc_id out of the cache, and
> ldap_sasl_bind brabs the Kerberos principal that I get via Apache auth,
> passes that to the LDAP server, and the LDAP server does the rest.
>
> This works for me. Debug output shows a successful bind, and a query
> for the tree structure for the LDAP server, and all looks well on the
> interface.
>
> But, any subsequent action that requires another LDAP query causes an
> infinite redirect, and the debug output indicates that the
> successfully bound connection is not located in the cache, and it
> tries to build a new connection with an invalid DN of 'user'.
>
> It seems like the application has a dependence on a bind_dn existing,
> and if it doesn't then it starts to behave erratically. I've dug
> through the code trying to find and correct any areas where a bind_dn
> being null leads to undesired behaviour, and have found a few cases in
> the connect function in ds_ldap.php, but the problem still persists.
>
> My question is: Am I correct in my suggestion that not having a
> bind_dn causes bad behavior...and if so, where are these checks
> implemented, or where are there assumptions that a bind_dn exists? Is
> the bind_dn used as a key for pulling a bound LDAP resource out of the
> cache (and where in the code is that, because I cannot locate it)?
>
>
> Adam
>
>
> On Tue, Jun 14, 2011 at 12:02 AM, Deon George
> <wur...@users.sourceforge.net> wrote:
>> In PLA 1.2.x, there is code for SASL connections, however the code wasn't
>> written by me.
>>
>> As I don't have an SASL environment, it hasn't been tested or bug fixed
>> (if it doesn't work).
>>
>> I'll gladly accept patches to fix it up if it's not working.
>>
>> ...deon
>>
>>
>> ------------------------------------------------------------------------------
>> EditLive Enterprise is the world's most technically advanced content
>> authoring tool. Experience the power of Track Changes, Inline Image
>> Editing and ensure content is compliant with Accessibility Checking.
>> http://p.sf.net/sfu/ephox-dev2dev
>> _______________________________________________
>> phpldapadmin-users mailing list
>> phpldapadmin-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
>>
>
