Skip to content

ITS#10165 back-meta fails to bind to target when proxying an internal operation

Nadezhda Ivanova requested to merge nivanova/openldap:its10165 into master

For some reason meta would skip calling meta_back_proxy_authz_cred if op->o_do_not_cache is set. This is redundant, since meta_back_proxy_authz_cred does have a check for this. When meta_back_proxy_authz_cred is skipped, the dn/cred combo is not initialized correctly, and instead of the proper sasl bind, meta attempts an anonymous bind, with dn, which the target server rejects. Invoking meta_back_proxy_authz_cred makes meta behave exactly like back-ldap in the same scenario, which seems to be the correct behavior.

Merge request reports

Loading