PTS & LDAP Take 3
timp at crossthread.com
Mon Jan 19 00:04:01 EST 2004
Igor Brezac wrote:
>You could use ldap_whoami() instead of the first query.
Where does that come from?
>>>You do not need to do anything with this. The identifier is passed to pts
>>>for canonicalization, the group is not validated.
>>I don't see this in ldap.c. The identifier group:xxx gets passed into
>>pts as the identifier and rejected by the canonicalizer because of the
>>colon. So the canonicalized identifier is null throughout the rest of the
>>code. I don't see a test for group: anywhere ( or in afskrb.c either ).
>>So assuming that we just want to make sure that the group name is valid,
>>and that the canonicalizer should be fixed to recognize group:xxx
>>syntax, what then am I supposed to do with it? Returning NULL seems to Do
>>Bad Things, and I don't see an entry for canonicalized group in the
>Have you tried to step through the program with gdb or other debugger?
No, ldap.c doesn't work for me at all. If there are no memberOf
attributes, it dies and user authentication fails (!). I guess I could
set up a test user and step through it, but I did see what was happening
at least in my adaptation of ldap.c. Canonicalization (of a group) was
returning null because of the colon. So what use is it? There are enough
unknowns that I would like to get cleared up if at all possible. I was
hoping someone from CMU would be able to help advise.