> Hi folks,
>
> When clients bind with a provider and the provider's loglevel is set
> to stats, bind events show up frequently in the log. Often, some
> logged bind events have only a blank dn along with a "method" code.
> Here are two separate examples:
>
> slapd[903]: conn=1021 op=0 BIND dn="" method=128
>
> slapd[903]: conn=1020 op=0 BIND dn="" method=163

These lines are intended to log a bind request; a second line will
indicate the mechanism used and the resulting ssf.

> Two questions:
>
> 1.) What do these method codes mean? Perhaps there is a list somewhere
> that explains all possible method codes.

See LDAP_AUTH_* macros in ldap.h; 128 (0x80) means SIMPLE; 163 (0xa3)
means SASL.

> 2.) When a method code is shown, as in the examples above, why is
> the value for the dn empty?

An empty DN is perfectly legitimate in both bind methods illustrated
above. In the case of SIMPLE bind it indicates anonymous; in the case
of SASL bind the requested DN is not relevant; the actual DN will be
constructed according to the mechanism, and might eventually be mapped
according to authz-regexp directives.

p.
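The following is an added example, not part of the original message or of OpenLDAP: a small Python log reader that decodes the method code on each BIND request line and pairs it with the follow-up line by conn and op, so anonymous simple binds and the DN a SASL bind actually resolved to can be told apart. The `mech=... ssf=...` layout of the follow-up line, the function name `summarize_binds`, and every sample line other than the two quoted in the message are assumptions made for illustration.

```python
import re

# Method codes as given in the reply above (LDAP_AUTH_* macros in ldap.h).
BIND_METHODS = {0x80: "SIMPLE", 0xA3: "SASL"}

REQ = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# Assumed layout of the follow-up line carrying the mechanism and ssf.
RES = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" mech=(\S+).*?\sssf=(\d+)')

# First two lines are from the message; the remaining lines are constructed.
SAMPLE = '''\
slapd[903]: conn=1021 op=0 BIND dn="" method=128
slapd[903]: conn=1020 op=0 BIND dn="" method=163
slapd[903]: conn=1020 op=0 BIND dn="uid=alice,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
slapd[903]: conn=1022 op=0 BIND dn="cn=app,dc=example,dc=com" method=128
slapd[903]: conn=1022 op=0 BIND dn="cn=app,dc=example,dc=com" mech=SIMPLE ssf=0
'''

def summarize_binds(lines):
    """Pair each BIND request with its follow-up line, keyed by (conn, op)."""
    binds = {}
    for line in lines:
        m = RES.search(line)
        if m:
            conn, op, dn, mech, ssf = m.groups()
            entry = binds.get((int(conn), int(op)))
            if entry:
                entry.update(bound_dn=dn, mech=mech, ssf=int(ssf))
            continue
        m = REQ.search(line)
        if m:
            conn, op, dn, code = m.groups()
            code = int(code)
            method = BIND_METHODS.get(code, "unknown(0x%02x)" % code)
            # A request with no follow-up line keeps mech/ssf/bound_dn as None.
            binds[(int(conn), int(op))] = {
                "method": method, "requested_dn": dn,
                # Empty DN on a SIMPLE bind indicates anonymous (per the reply).
                "anonymous": method == "SIMPLE" and dn == "",
                "bound_dn": None, "mech": None, "ssf": None}
    return binds

if __name__ == "__main__":
    for key, info in sorted(summarize_binds(SAMPLE.splitlines()).items()):
        print(key, info)
```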
