-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/26/2010 12:02 PM, Sumit Bose wrote: > Hi, > > this patch add a rebind proc which uses the same credentials used for > the primary server to authenticate to the second server when doing > referral chasing. > > There are two important things to keep in mind: > - as already mentioned we use the same credentials for both connections, > i.e. if TLS is used on the first connection, it will be used un the > second too. If GSSAPI is use for the first server it will be used for > the second server with the same realm/KDC/keytab settings. If we want > different credentials and authentication schemes for different server > we should address this in a separate patch. > - everything is synchronous, let me repeat: synchronous. From 'man > ldap_set_rebind_proc': "The rebind function must use a synchronous > bind method." > > I have tested this patch against an OpenLDAP server with GSSAPI and > simple bind with and without TLS. > > This patch should fix ticket #495.
Nothing we can do to avoid a synchronous bind here. This is the best we can do. Ack. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkzHFpkACgkQeiVVYja6o6NqIQCfbUFRyfWMilJyvBkY6sYF8wpa eMoAoIzaOD0qEuP5XzSnGR9pzXaw5xqS =RuMn -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel