
Re: start_tls while chasing referrals



Bin Lu wrote:
> Hi,
> 
> I noticed the following bug fix in referral chasing
> 
> http://bugzilla.padl.com/show_bug.cgi?id=210
> 
> This seems only to take care of the usage with pam ldap lib. What if
> the ldap connection is not from the pam lib? In that case, when an
> ldap operation reaches a referral point, would the new connection be
> consistent if the original connection is using TLS (and the referral
> URL is not using ldaps)? Our test shows it is not. Please advise if
> that is also a security hole.
> 
> Regards,
> Wenwu

Hi,

You must be using an old version of OpenLDAP (you do not mention which
version).

This was actioned and fixed in 2005:

http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3791;selectid=3791;usearchives=1;statetype=-1

Thanks.


-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/