failed bind vs. authorization identity
It's dangerous to look too closely at an internet-draft...
authmeth 4.2 (Anonymous Authorization After Failed Bind) says:
> Upon receipt of a Bind request, the LDAP session is moved to an
> anonymous state and only upon completion of the authentication
> exchange (and the Bind operation) with a resultCode of success is
> the LDAP session moved to an authenticated state. Thus, a failed
> Bind operation produces an anonymous authorization state.
If an already authenticated user does a Bind and receives non-success,
does he then know that the session has reverted to anonymous?
Even if he got unavailableCriticalExtension, which means the server
"MUST NOT perform the operation" ([Protocol] 4.1.11. Controls)?
Or invalidDNSyntax?
How about protocolError - that can be either a valid Bind request with
an unsupported version number, or a genuine protocol error.
What is a Bind request anyway? Any LDAPMessage with the [APPLICATION 0]
tag? Any message which parses as a valid BindRequest from the ASN.1 in
[protocol] 4.2 (Bind Operation)? Is it still a Bind request if the
LDAPMessage itself is valid, but it contains a control which is
invalid according to its control spec?
--
Hallvard