| |
@@ -1,5 +1,5 @@
|
| |
/*
|
| |
- * Copyright 2008,2009,2010,2011,2012,2013,2014 Red Hat, Inc.
|
| |
+ * Copyright 2008-2023 Red Hat, Inc.
|
| |
*
|
| |
* This Program is free software; you can redistribute it and/or modify
|
| |
* it under the terms of the GNU General Public License as published by
|
| |
@@ -2113,6 +2113,12 @@
|
| |
wrap_inc_call_level();
|
| |
if (map_rdlock() == 0) {
|
| |
if (backend_check_scope_pb(pb)) {
|
| |
+ char *target = NULL;
|
| |
+ slapi_pblock_get(pb, SLAPI_TARGET_DN, &target);
|
| |
+ slapi_log_error(SLAPI_LOG_PLUGIN, "backend_compare_cb",
|
| |
+ "Bind DN (%s) not found in map cache. "
|
| |
+ "Returning unwilling to perform\n",
|
| |
+ target ? target : "bind DN not found");
|
| |
slapi_send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM,
|
| |
NULL, NULL, 0, NULL);
|
| |
ret = -1;
|
| |
@@ -2554,6 +2560,9 @@
|
| |
backend_bind_cb_pam(Slapi_PBlock *pb, const char *username, char *ndn)
|
| |
{
|
| |
slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL);
|
| |
+ slapi_log_error(SLAPI_LOG_PLUGIN, "backend_bind_cb_pam",
|
| |
+ "Not using PAM, must return invalid credentials for: %s (%s)\n",
|
| |
+ username, ndn);
|
| |
return LDAP_INVALID_CREDENTIALS;
|
| |
}
|
| |
#endif
|
| |
@@ -2588,9 +2597,9 @@
|
| |
* changes in a Kerberos principal would cause cascading effect on
|
| |
* some of entries belonging to a slapi-nis map cache.
|
| |
* 2. If bind target DN exists in LDAP store, its map cache entry
|
| |
- * will have orginal entry DN recorded. Enforcing SLAPI_BIND_TARGET_SDN
|
| |
+ * will have original entry DN recorded. Enforcing SLAPI_BIND_TARGET_SDN
|
| |
* to it will force other plugins to handle authentication request against
|
| |
- * the original because slapi-nis' map cache entry doesn't have paswords
|
| |
+ * the original because slapi-nis' map cache entry doesn't have passwords
|
| |
* recorded. To make it working, slapi-nis should be registered with higher
|
| |
* plugin ordering priority than other plugins.
|
| |
* 3. If bind target DN is not found in the map cache, bind request is rejected.
|
| |
@@ -2648,6 +2657,12 @@
|
| |
done_with_lock:
|
| |
wrap_dec_call_level();
|
| |
if (backend_check_scope_pb(pb)) {
|
| |
+ char *target = NULL;
|
| |
+ slapi_pblock_get(pb, SLAPI_TARGET_DN, &target);
|
| |
+ slapi_log_error(SLAPI_LOG_PLUGIN, "backend_bind_cb",
|
| |
+ "Bind DN (%s) not found in map cache. "
|
| |
+ "Returning invalid credentials\n",
|
| |
+ target ? target : "bind DN not found");
|
| |
slapi_send_ldap_result(pb, LDAP_INVALID_CREDENTIALS,
|
| |
NULL, NULL, 0, NULL);
|
| |
ret = -1;
|
| |
@@ -2855,6 +2870,12 @@
|
| |
wrap_inc_call_level();
|
| |
if (map_rdlock() == 0) {
|
| |
if (backend_check_scope_pb(pb)) {
|
| |
+ char *target = NULL;
|
| |
+ slapi_pblock_get(pb, SLAPI_TARGET_DN, &target);
|
| |
+ slapi_log_error(SLAPI_LOG_PLUGIN, "backend_compare_cb",
|
| |
+ "Bind DN (%s) not found in map cache. "
|
| |
+ "Returning unwilling to perform\n",
|
| |
+ target ? target : "bind DN not found");
|
| |
slapi_send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM,
|
| |
NULL, NULL, 0, NULL);
|
| |
ret = -1;
|
| |