Howard Chu wrote: > The rebind-as-user option was originally only used when chasing referrals. > With > the current code, your choices are to use proxyAuthz to assert a user identity > on reconnect, or simply fail instead of reconnecting. Personally I'd lean > towards > the latter. For shared connections retrying is still appropriate, because we > only > share connections for special cases, like rootdn usage where we already know > we > can establish the correct credentials.
Ok, thanks. I would like to work with this issue (in context of [1]). To summarize my understanding: when proxy currently would retry non-shared connection, it can fail instead and disconnect the client. Client can then continue by re-establishing connection and binding again. -- Tero [1] https://bugs.openldap.org/show_bug.cgi?id=9468
