[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: bind fallback

To: Michael B Allen <mba2000@ioplex.com>
Subject: Re: bind fallback
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 28 Aug 2006 09:01:23 -0700
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <20060827174710.502ac813.mba2000@ioplex.com>
References: <20060827174710.502ac813.mba2000@ioplex.com>

At 02:47 PM 8/27/2006, Michael B Allen wrote:
>If I call ldap_sasl_interactive_bind_s and it fails (e.g. because of a
>bug [1]) and then call ldap_simple_bind_s as a fallback it hangs. If I
>ldap_init again before calling ldap_simple_bind_s the fallback works. Is
>this expected behavior or is the bind state not being reset properly?

I am going to say "yes" here.  The connection is hosed as the
client not grok'ing the server's malformed response.  The proper
way to reset the connection is to drop the connection. You didn't
do that.

>I'm using 2.2.29 on Fedora Core 3.

Ando noted that later versions of libldap better handle the server's
malformed response.

>Also, should I deinitialize the LDAP object?

In general, one should re-connect before trying a fallback
authentication method to a SASL exchange when an API error
code (as opposed to protocol result code) is reported by ldap_sasl_interactive_bind_s(3).  This because one cannot
determine the server's state from an API error code.

Kurt

References:
- bind fallback
  - From: Michael B Allen <mba2000@ioplex.com>

Prev by Date: Re: bind fallback
Next by Date: Re: is_utf8 function for ldapsearch w/ UTF-8 strings
Index(es):
- Chronological
- Thread