libldap v3.3 referral bug on kerberized Modify operation

Jeff.Hodges@Stanford.EDU
Tue, 09 Jul 96 13:47:06 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Gordon Good: "Re: libldap v3.3 referral bug on kerberized Modify operation"
Previous message: Gordon Good: "Re: LDAP on BSD/OS Release 2.1"
Next in thread: Gordon Good: "Re: libldap v3.3 referral bug on kerberized Modify operation"

I've noticed that it looks like the libldap (i.e. the ldap client-side stub
code) has a bug wherein if I bind (kerberized) to one of my slapd slaves, and
attempt a modify, the slave returns a referral to my ldap stub pointing to the
master. But in the subsequent bind to the master, my DN is left out of the bind
info, and so I am not authenticated properly and the MOD operation is denied.
Log output below.

thanks,

Jeff

On the slave...
conn=5523 fd=18 connection from unknown (36.53.0.147)
conn=5523 op=0 BIND dn="cn=Jeffrey D Hodges,ou=People,o=Stanford
University,c=US" method=128
conn=5523 op=0 RESULT err=0 tag=97 nentries=0
conn=5523 op=1 MOD dn="cn=Jeffrey D Hodges,ou=People,o=Stanford
University,c=US"
conn=5523 op=1 RESULT err=9 tag=103 nentries=0 <== LDAP_PARTIAL_RESULTS
conn=5523 op=2 UNBIND
conn=5523 op=2 fd=18 closed errno=0

Then, on the master...
conn=26630 fd=12 connection from unknown (36.53.0.147)
conn=26630 op=0 BIND dn="" method=128 <=== *** No DN!
conn=26630 op=0 RESULT err=0 tag=97 nentries=0
conn=26630 op=1 MOD dn="cn=Jeffrey D Hodges,ou=People,o=Stanford
University,c=US"
conn=26630 op=1 RESULT err=50 tag=103 nentries=0 <== LDAP_INSUFFICIENT_ACCESS
conn=26630 op=2 UNBIND
conn=26630 op=2 fd=12 closed errno=0

Next message: Gordon Good: "Re: libldap v3.3 referral bug on kerberized Modify operation"
Previous message: Gordon Good: "Re: LDAP on BSD/OS Release 2.1"
Next in thread: Gordon Good: "Re: libldap v3.3 referral bug on kerberized Modify operation"