[Dovecot] BUG: LDAP extension failed to authenticate if 'base' DN configuration is empty ''
Hendy Irawan
hendy at soluvas.com
Wed Aug 1 06:53:42 EEST 2012
Dear Timo,
Thank you for your information about multiple sections! I didn't realize
that was possible.
Yes, your patch will work on at least ApacheDS 2.0.0-M7 (see
https://issues.apache.org/jira/browse/DIRSERVER-1742 ) and I would
appreciate it very much !
Hendy
Timo Sirainen wrote:
>
> On 1.8.2012, at 1.12, Hendy Irawan wrote:
>
>> I apologize, my previous statement were wrong. At least on ApacheDS
>> 1.5.7,
>> it doesn't search entries using the '' base DN (it doesn't give error
>> though, just cannot return results, ApacheDS requires the search base to
>> be
>> in a partition).
>>
>> However, your patch would be great for servers who support the '' search
>> base DN.
>
> But does my patch actually make it work in some such servers? I did it
> only as a guess. If it doesn't fix anything I'd rather just drop the
> patch.
>
>> If I may ask, would you improve it further to accept multiple bases? I'm
>> not
>> sure what the proper character separator would be, but I think something
>> like this would work :
>>
>> base = dc=prd,dc=berbatik,dc=com | dc=stg,dc=berbatik,dc=com
>>
>> The proposed configuration above asks to try the two search bases in
>> succession, whichever first succeeds get logged in, else fails like
>> usual.
>
> You can already do this by creating multiple passdb/userdb ldap sections
> with different config files. Searching multiple bases requires doing
> multiple LDAP lookups anyway.
>
-----
http://www.Soluvas.com/ Soluvas - Making eCommerce Work for You
--
View this message in context: http://old.nabble.com/BUG%3A-LDAP-extension-failed-to-authenticate-if-%27base%27-DN-configuration-is-empty-%27%27-tp34226738p34238917.html
Sent from the Dovecot mailing list archive at Nabble.com.
More information about the dovecot
mailing list