OpenLDAP

Viewing Archive.Incoming/30

From: opoplawski@cqg.com
Subject: slapd compatibility with Microsoft Outlook 98

Date: Wed, 30 Dec 1998 22:50:37 GMT
From: opoplawski@cqg.com
To: openldap-its@OpenLDAP.org
Subject: slapd compatibility with Microsoft Outlook 98
Full_Name: Orion Poplawski
Version: 1.1.1
OS: HP-UX 10.20
URL: 
Submission from: (NULL) (206.196.156.198)


Using the "Start->Find->People" Windows functionality provided by Microsoft
Outlook 98 results in the following connection activity with slapd (the same
behavior is exhibited when doing address searches in Outlook 98, but this is
simpler to test with):

# /usr/local/libexec/slapd -d 8 
slapd starting
listening for connections on 3, activity on:
before select active_threads 0
select activity on 1 descriptors
new connection on 5
activity on:
listening for connections on 3, activity on: 5r
before select active_threads 0
select activity on 1 descriptors
activity on: 5r
read activity on 5
unknown version 3
listening for connections on 3, activity on: 5r
before select active_threads 0
select activity on 1 descriptors
new connection on 6
activity on:
listening for connections on 3, activity on: 5r 6r
before select active_threads 0
select activity on 1 descriptors
activity on: 6r
read activity on 6
listening for connections on 3, activity on: 5r 6r
before select active_threads 0
select activity on 1 descriptors
activity on: 6r
read activity on 6
listening for connections on 3, activity on: 5r 6r
before select active_threads 0
select activity on 1 descriptors
activity on: 6r
read activity on 6
listening for connections on 3, activity on: 5r
before select active_threads 0

As you can see, the first connection is left open.  netstat reports:

tcp        0      0  cqg1.ldap              bnworion.bvt.com.2017  ESTABLISHED
tcp        0      0  *.ldap                 *.*                    LISTEN

This is left open until the find application (or Outlook 98) is closed.  This is
repeated for each query, so you can build up a LOT of stale connections pretty
quickly.

My solution has been to implement a socket close in "servers/slapd/bind.c", but
there probably is a better way.
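
Added example, not part of the original report and not OpenLDAP code: a Python script that reads a "slapd -d 8" trace in the format shown above and reports descriptors whose bind was refused with "unknown version N" and that slapd is still holding open at the end of the trace. The function name find_stale_connections is hypothetical, the sample trace is a condensed copy of the one in the report, and the script assumes the "listening for connections on ..., activity on:" line lists the client descriptors slapd currently has open, as the trace suggests.

```python
import re

# Constructed sample: condensed from the slapd -d 8 trace in the report above.
SAMPLE_TRACE = """\
slapd starting
listening for connections on 3, activity on:
new connection on 5
listening for connections on 3, activity on: 5r
read activity on 5
unknown version 3
listening for connections on 3, activity on: 5r
new connection on 6
listening for connections on 3, activity on: 5r 6r
read activity on 6
listening for connections on 3, activity on: 5r 6r
read activity on 6
listening for connections on 3, activity on: 5r
before select active_threads 0
"""

NEW_CONN = re.compile(r"^new connection on (\d+)$")
READ = re.compile(r"^read activity on (\d+)$")
BAD_VERSION = re.compile(r"^unknown version (\d+)$")
# Only the "listening ..." form is the watch set; bare "activity on:" lines
# are the select() result and are ignored.
WATCHED = re.compile(r"^listening for connections on \d+, activity on:(.*)$")

def find_stale_connections(trace):
    """Return {fd: refused_version} for descriptors that had a bind refused
    and are still in slapd's watch set at the end of the trace."""
    refused = {}      # fd -> protocol version slapd refused
    watched = set()   # descriptors in the most recent watch set
    last_read = None  # fd named by the most recent "read activity" line
    for line in trace.splitlines():
        line = line.strip()
        if m := NEW_CONN.match(line):
            refused.pop(int(m.group(1)), None)  # fd reused: drop old state
        elif m := READ.match(line):
            last_read = int(m.group(1))
        elif (m := BAD_VERSION.match(line)) and last_read is not None:
            refused[last_read] = int(m.group(1))
        elif m := WATCHED.match(line):
            watched = {int(fd) for fd in re.findall(r"\d+", m.group(1))}
            # A refused fd that left the watch set was closed: not stale.
            refused = {fd: v for fd, v in refused.items() if fd in watched}
    return {fd: v for fd, v in refused.items() if fd in watched}

if __name__ == "__main__":
    for fd, version in find_stale_connections(SAMPLE_TRACE).items():
        print(f"fd {fd}: bind with version {version} refused, still open")
```

On the sample trace this reports descriptor 5, the connection the report shows as ESTABLISHED in netstat, while descriptor 6 is not reported because it leaves the watch set.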


Followup 1

Date: Wed, 30 Dec 1998 17:27:42 -0800
To: opoplawski@cqg.com
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.Org>
Subject: Re: slapd compatibility with Microsoft Outlook 98  (ITS#30)
Cc: openldap-its@OpenLDAP.Org

At 10:50 PM 12/30/98 GMT, opoplawski@cqg.com wrote:
>Full_Name: Orion Poplawski
>Version: 1.1.1
>OS: HP-UX 10.20
>URL: 
>Submission from: (NULL) (206.196.156.198)
>
>
>Using the "Start->Find->People" Windows functionality provided by Microsoft
>Outlook 98 results in the following connection activity with slapd (the same
>behavior is exhibited when doing address searches in Outlook 98, but this is
>simpler to test with):
>
>As you can see, the first connection is left open.  netstat reports:
>
>tcp        0      0  cqg1.ldap              bnworion.bvt.com.2017  ESTABLISHED
>tcp        0      0  *.ldap                 *.*                    LISTEN
>
>This is left open until the find application (or Outlook 98) is closed.

Sounds like an MS Outlook 98 bug to me...

>This is
>repeated for each query, so you can build up a LOT of stale connections pretty
>quickly.

>My solution has been to implement a socket close in "servers/slapd/bind.c", but
> there probably is a better way.

This is not a proper solution.  The client may want to attempt another
operation (like a v2 bind).  The server should not arbitrarily close
the connection.

The proper solution is to have Microsoft fix their client to attempt
to v2 bind if the v3 bind fails (and to properly ldap_unbind() any
unused LDAP sessions).

Kurt



The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org