[Dovecot] BUG: LDAP extension failed to authenticate if 'base' DN configuration is empty ''

Hendy Irawan hendy at soluvas.com
Wed Aug 1 06:53:42 EEST 2012


Dear Timo,

Thank you for your information about multiple sections! I didn't realize
that was possible.

Yes, your patch will work on at least ApacheDS 2.0.0-M7 (see
https://issues.apache.org/jira/browse/DIRSERVER-1742 ) and I would
appreciate it very much !

Hendy


Timo Sirainen wrote:
> 
> On 1.8.2012, at 1.12, Hendy Irawan wrote:
> 
>> I apologize, my previous statement were wrong. At least on ApacheDS
>> 1.5.7,
>> it doesn't search entries using the '' base DN (it doesn't give error
>> though, just cannot return results, ApacheDS requires the search base to
>> be
>> in a partition).
>> 
>> However, your patch would be great for servers who support the '' search
>> base DN.
> 
> But does my patch actually make it work in some such servers? I did it
> only as a guess. If it doesn't fix anything I'd rather just drop the
> patch.
> 
>> If I may ask, would you improve it further to accept multiple bases? I'm
>> not
>> sure what the proper character separator would be, but I think something
>> like this would work :
>> 
>> base = dc=prd,dc=berbatik,dc=com | dc=stg,dc=berbatik,dc=com
>> 
>> The proposed configuration above asks to try the two search bases in
>> succession, whichever first succeeds get logged in, else fails like
>> usual.
> 
> You can already do this by creating multiple passdb/userdb ldap sections
> with different config files. Searching multiple bases requires doing
> multiple LDAP lookups anyway.
> 


-----
http://www.Soluvas.com/ Soluvas - Making eCommerce Work for You 
-- 
View this message in context: http://old.nabble.com/BUG%3A-LDAP-extension-failed-to-authenticate-if-%27base%27-DN-configuration-is-empty-%27%27-tp34226738p34238917.html
Sent from the Dovecot mailing list archive at Nabble.com.




More information about the dovecot mailing list