Re: LDAP_DEPRECATED in OPENLDAP_REL_ENG_2_2

[Michael Ströder <michael@stroeder.com>]

Pierangelo Masarati wrote:
> > OK, that's a problem - at least in theory, since I've never heard
> > anyone complain that they can't use zero octets in passwords.
> > But I still don't think sufficient reason to deprecate it.
> > It's useful in most cases, and when it is useful, it works fine.
>
> unicodePwd contains lots of zeros (about half of its length ;)

But you won't send the credentials as UTF-16-LE encoded string in the simple 
bind request. Even with M$ AD you have to send textual passwords as UTF-8 
encoded Unicode.

As I understand Kurt if you're deploying a proprietary simple bind mechanism 
which uses NULL chars you're lost with ldap_simple_bind().

Still I also believe ldap_sasl_bind() is misnamed if it should be used for 
simple bind from now on.

Ciao, Michael.