
Re: LDAPBind needs - java-api-11 draft - resend



Resend - properly indicating where comments are

Steve Sonntag wrote:

> Re: LDAPBind as defined in draft-ietf-ldapext-ldap-java-api-11.txt
>
> It is unclear from the draft how the LDAPConnection object must be used
> by an application implementing the LDAPBind interface.
>
> I am guessing that the LDAPConnection object passed to the bind() method
> of the LDAPBind implementation is a new LDAPConnection object created by
> automatic referral following code in the original LDAPConnection object.
> The object contains the AuthenticationDN and AuthenticationPassword from
> the LDAPConnection that the continuation reference was received on. The
> Host and Port are filled in from the referral/reference host & port.
> When passed to the bind() method, neither connect nor bind has been
> performed on this LDAPConnection object.
>
> In order to make this work, I believe the implementation of the
> LDAPBind.bind() method MUST use the LDAPConnection object, which was
> passed as a parameter, to perform its connect and bind calls. It then
> returns success if both operations succeed. The original LDAPConnection
> object referral handling code can then use the new LDAPConnection object
> when it resends the search request, updated with the new search base and
> possibly search filter.

It is also necessary that the application implementing the LDAPBind.bind()
method use a synchronous bind to bind to the referred-to server, or
if using an asynchronous bind, it must wait until the bind operation has
completed before returning status.

-Steve
>
> The above should be clarified in the draft.
>
> It seems that the LDAPRebind interface would be easier to implement if
> additional data were provided in the new LDAPConnection object. Such as:
>
> 1. A reference to the LDAPSocketFactory class from the original
>    LDAPConnection object. This allows it to connect in the same way
>    as the original connection.
> 2. An LDAPConstraints object containing a reference to the LDAPRebind
>    object from the original LDAPConnection object. The LDAPBind.bind()
>    method may want to get authentication information using an
>    LDAPRebindAuth object, and this gives it a way to do that.
> 3. The protocol version used in the connect/bind of the original
>    object. This allows the LDAPBind.bind function to bind with the same
>    protocol version used in the original connection.
> 4. The mechanism used when binding. This could be the mechanism used on
>    the bind in the original LDAPConnection object, or perhaps
>    LDAPRebindAuth could be modified to provide the triplet - UserDN,
>    Password, and Mechanism for the specified host.
>
> IMO the above changes would give the application, using explicit bind,
> greater flexibility when dealing with referrals / continuation
> references during automatic referral following.
>
> Comments?
>
> Thanks,
> Steve
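
The contract discussed in this message, as an added example that is not part of the original post or of the draft: the handler connects and binds on the connection it is handed and returns only once the bind result is known, and the referral-following side refuses to resend the search otherwise. The types `Conn` and `Bind`, the host name, DNs and password are hypothetical stand-ins constructed for illustration; they model the behaviour described above and are not the draft's LDAPConnection or LDAPBind signatures.

```java
import java.util.concurrent.*;

// Hypothetical stand-ins: the draft's real signatures are not shown on this
// page, so these types only model the contract under discussion.
public class ReferralBindDemo {
    static class Conn {                      // the new, unconnected referral connection
        final String host; final int port;   // filled in from the referral
        final String authDn, authPw;         // copied from the original connection
        volatile boolean connected, bound;
        Conn(String host, int port, String dn, String pw) {
            this.host = host; this.port = port; authDn = dn; authPw = pw;
        }
        void connect() { connected = true; }
        // Asynchronous bind: the result code arrives later on another thread.
        CompletableFuture<Integer> bindAsync() {
            return CompletableFuture.supplyAsync(() -> {
                try { Thread.sleep(200); }
                catch (InterruptedException e) { Thread.currentThread().interrupt(); }
                bound = connected && !authPw.isEmpty();
                return bound ? 0 : 49;       // 0 = success, 49 = invalidCredentials
            });
        }
    }

    interface Bind { void bind(Conn conn) throws Exception; }

    // Connects and binds on the connection it was handed, and does not
    // return until the bind result is known.
    static final Bind WAITING = conn -> {
        conn.connect();
        int rc = conn.bindAsync().get(5, TimeUnit.SECONDS);  // block for the response
        if (rc != 0) throw new Exception("bind to " + conn.host + " failed, rc=" + rc);
    };

    // Referral-following side: resend the search only on a bound connection.
    static String followReferral(Bind handler, Conn conn, String base) throws Exception {
        handler.bind(conn);
        if (!conn.bound) throw new IllegalStateException("bind() returned before the bind completed");
        return "search resent to " + conn.host + ":" + conn.port + " base=" + base;
    }

    public static void main(String[] args) throws Exception {
        Conn ok = new Conn("ldap2.example.com", 389, "cn=app,o=example", "constructed-password");
        System.out.println(followReferral(WAITING, ok, "ou=people,o=example"));
        Bind tooEarly = conn -> { conn.connect(); conn.bindAsync(); };  // returns immediately
        Conn c2 = new Conn("ldap2.example.com", 389, "cn=app,o=example", "constructed-password");
        try { followReferral(tooEarly, c2, "o=example"); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```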