[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP handle structural integrity function

To: Khaled Blah <khaled.blah@googlemail.com>
Subject: Re: LDAP handle structural integrity function
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Fri, 8 Jul 2011 14:22:22 +0100
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CABmXsT8t7rRXpaQwk1KtmKyu3_+gOKjr9-pO427-BXOs82y+7Q@mail.gmail.com>
References: <CABmXsT8t7rRXpaQwk1KtmKyu3_+gOKjr9-pO427-BXOs82y+7Q@mail.gmail.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On Fri, Jul 08, 2011 at 01:57:29PM +0200, Khaled Blah wrote:

> I use OpenLDAP in an authentication project and I would like to
> correctly deal with fauly networks. I mean networks that have packet
> losses and such.

You do not need to worry about that at the LDAP level, as TCP
deals with it at the transport level.

> That is why I would like to know whether there is a function in
> OpenLDAP which allows to check (and maybe sanitize) possibly corrupted
> sockets associated with the LDAP handle?

If you are really concerned about corrupted data due to malicious causes
then you should use TLS. The combination of TCP, stream encryption,
and LDAP protocol checks should catch almost any corruption.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Follow-Ups:
- Re: LDAP handle structural integrity function
  - From: Khaled Blah <khaled.blah@googlemail.com>

References:
- LDAP handle structural integrity function
  - From: Khaled Blah <khaled.blah@googlemail.com>

Prev by Date: Re: getent passwd always return 1065 users
Next by Date: Re: Simple Bind w/TLS without SASL/Kerberos possible to AD?
Index(es):
- Chronological
- Thread