
Re: LDAP_DEPRECATED in OPENLDAP_REL_ENG_2_2



At 02:27 AM 12/22/2003, Michael Ströder wrote:
>As I understand Kurt if you're deploying a proprietary simple bind mechanism which uses NULL chars you're lost with ldap_simple_bind(). 

My first point is that a password containing zero-valued octets
is quite valid yet ldap_simple_bind, intended to be a low
level interface to the Simple bind operation, cannot produce
such.

My second point, if one assumes ldap_simple_bind is a higher
level interface dealing with passwords composed of character
data, then ldap_simple_bind() lacks key functionality needed
to support such.  In particular, ldap_simple_bind doesn't
"prepare" the passwords for matching.

Lastly, it was noted that ldap_simple_bind() is one of few
new API interfaces which doesn't support controls.

Hallvard's point that maybe deprecating ldap_simple_bind should
wait until there is more suitable replacement than ldap_sasl_bind
is well taken.  ldap_simple_bind_ext will be coming soon.

Of course, maybe we should just give up on trying to "fix" this
library and just write a new one...  I've been quite close to
doing this before (I've actually started doing it a few times),
but it's more work than I want to take on right now.

Kurt
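
The zero-octet limitation discussed in this message, as an added example that is not part of the original post and not OpenLDAP code: it BER-encodes the simple credential of a BindRequest once from a `char *` password (the shape ldap_simple_bind accepts) and once from a length-plus-pointer value (the shape of the `struct berval` that ldap_sasl_bind accepts). `struct octets`, `encode_simple_auth`, `encode_from_cstring` and the sample password are hypothetical names and constructed data; no libldap call is made.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical stand-in with the same shape as libldap's struct berval:
 * an explicit length plus a pointer, so zero-valued octets survive. */
struct octets { size_t len; const unsigned char *val; };

/* BER-encode the "simple" AuthenticationChoice of a BindRequest:
 * context tag [0] primitive (0x80), definite length, password octets.
 * Returns bytes written, or 0 if the password exceeds 65535 octets
 * or the output buffer is too small. */
size_t encode_simple_auth(struct octets pw, unsigned char *out, size_t cap)
{
    size_t hdr = pw.len < 128 ? 2 : pw.len < 256 ? 3 : 4;
    size_t i = 0;
    if (pw.len > 0xFFFF || hdr + pw.len > cap) return 0;
    out[i++] = 0x80;
    if (hdr == 2) {
        out[i++] = (unsigned char)pw.len;          /* short form */
    } else if (hdr == 3) {
        out[i++] = 0x81;                           /* long form, 1 octet */
        out[i++] = (unsigned char)pw.len;
    } else {
        out[i++] = 0x82;                           /* long form, 2 octets */
        out[i++] = (unsigned char)(pw.len >> 8);
        out[i++] = (unsigned char)(pw.len & 0xFF);
    }
    memcpy(out + i, pw.val, pw.len);
    return i + pw.len;
}

/* Models a char* password parameter: the length can only come from
 * strlen(), so everything after the first zero octet is dropped. */
size_t encode_from_cstring(const char *pw, unsigned char *out, size_t cap)
{
    struct octets o = { strlen(pw), (const unsigned char *)pw };
    return encode_simple_auth(o, out, cap);
}

/* Constructed sample: 5-octet password with a zero octet in the middle. */
static const unsigned char SAMPLE_PW[5] = { 'a', 'b', 0x00, 'c', 'd' };

int main(void)
{
    unsigned char buf[64];
    struct octets o = { sizeof SAMPLE_PW, SAMPLE_PW };
    size_t n = encode_from_cstring((const char *)SAMPLE_PW, buf, sizeof buf);
    printf("char* interface : %zu bytes, password length %u\n", n, (unsigned)buf[1]);
    n = encode_simple_auth(o, buf, sizeof buf);
    printf("length interface: %zu bytes, password length %u\n", n, (unsigned)buf[1]);
    return 0;
}
```

With the `char *` path the server receives a 2-octet password and the bind is evaluated against a credential the client never intended to send.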