
Re: java api startTLS() method



"Kurt D. Zeilenga" wrote:
> 
> A few more questions regarding startTLS().
> 
> Does the startTLS() taking any action due to any outstanding
> operations within the session it may be aware of?

  RFC 2830 says that a client MUST NOT attempt startTLS if there are any LDAP operations outstanding on the connection. If there are outstanding LDAP operations on the connection, an LDAPException is thrown (I see that 4.6.42 is missing the exception in its signature, although it is mentioned in the following description).


> During the processing of the startTLS() call, are there any
> restrictions placed upon the connection and its clones?

  No other operations may be issued on the connection during the processing of the call. An LDAPException is thrown if another operation is requested during the startTLS establishment.

  Clones are independent. Issuing startTLS dissociates a connection from its siblings.


>  In
> particular, how would a call to issue some other to be handled?

  I'm not sure what that means. Maybe it is answered above.

 
> How are referrals returned in response to the startTLS operation
> handled?

  RFC 2830 says:

   "If the server does not support TLS (whether by design or by current
   configuration), it MUST set the resultCode to protocolError (see
   section 4.1.1 of [LDAPv3]), or to referral. The server MUST include
   an actual referral value in the LDAP Result if it returns a
   resultCode of referral. The client's current session is unaffected if
   the server does not support TLS. The client MAY proceed with any LDAP
   operation, or it MAY close the connection."

  If the server returns a referral, then startTLS returns an LDAPReferralException if the application is chasing its own referrals. If the API implementation is chasing referrals, it will do so also with a startTLS referral.


> > If the server does not support the transition to a TLS session,
> > an LDAPException is thrown with the error code UNWILLING_TO_PERFORM.
> 
> I would think the API would return whatever non-success
> result code was returned by the server in the LDAPexception.

  Yes.


Rob
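The exchange discussed in this thread, as an added example that is not part of the original message, the Java LDAP API draft, or any LDAP library. It is written in Python rather than Java because the part worth running offline is the wire exchange: the client's StartTLS ExtendedRequest (OID 1.3.6.1.4.1.1466.20037) and the server's ExtendedResponse are built and parsed as raw BER, and a small `Session` class applies the rules Rob describes: refuse StartTLS while operations are outstanding, proceed to the TLS handshake on `success`, raise a referral exception on `referral` (carrying the referral URLs the server MUST include), and otherwise report the server's own resultCode while leaving the session unaffected. The names `Session`, `fake_server`, `try_start_tls`, the client-side code `LOCAL_ERROR = 82` used for the outstanding-operations case (the thread only says an LDAPException is thrown), and the referral URL `ldap://ldap.example.com/` are assumptions for illustration; the server replies are constructed in-process.

```python
"""StartTLS (RFC 2830) on the wire plus the client rules from the thread; added example, not library code."""
from __future__ import annotations

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
SUCCESS, PROTOCOL_ERROR, REFERRAL, UNWILLING_TO_PERFORM = 0, 2, 10, 53  # RFC 2251 resultCodes
LOCAL_ERROR = 82  # assumption: client-side code for "operations outstanding"; the thread names none

# Minimal definite-length BER helpers (encode and decode tag-length-value).
def _len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body
def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _len(len(payload)) + payload
def _int(tag: int, value: int) -> bytes:  # INTEGER / ENUMERATED, non-negative values only
    return _tlv(tag, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big"))
def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:  # -> (tag, payload, next position)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def build_starttls_request(message_id: int) -> bytes:
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] LDAPOID } }"""
    return _tlv(0x30, _int(0x02, message_id) + _tlv(0x77, _tlv(0x80, STARTTLS_OID)))

def build_extended_response(message_id: int, result_code: int,
                            referrals: tuple[bytes, ...] = (), diag: bytes = b"") -> bytes:
    body = _int(0x0A, result_code) + _tlv(0x04, b"") + _tlv(0x04, diag)  # resultCode, matchedDN, errorMessage
    if referrals:
        body += _tlv(0xA3, b"".join(_tlv(0x04, u) for u in referrals))  # referral [3] SEQUENCE OF LDAPURL
    if result_code == SUCCESS:
        body += _tlv(0x8A, STARTTLS_OID)  # responseName [10]
    return _tlv(0x30, _int(0x02, message_id) + _tlv(0x78, body))  # extendedResp [APPLICATION 24]

def parse_message_id(msg: bytes) -> int:
    return int.from_bytes(_read_tlv(_read_tlv(msg, 0)[1], 0)[1], "big")

def parse_extended_response(msg: bytes) -> dict:
    _, seq, _ = _read_tlv(msg, 0)
    _, mid, pos = _read_tlv(seq, 0)
    tag, body, _ = _read_tlv(seq, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, rc, pos = _read_tlv(body, 0)
    _, _matched_dn, pos = _read_tlv(body, pos)
    _, diag, pos = _read_tlv(body, pos)
    out = {"message_id": int.from_bytes(mid, "big"), "result_code": int.from_bytes(rc, "big"),
           "diagnostic": diag.decode(), "referrals": []}
    while pos < len(body):  # optional trailing components; only referral [3] matters here
        tag, val, pos = _read_tlv(body, pos)
        p = 0
        while tag == 0xA3 and p < len(val):
            _, url, p = _read_tlv(val, p)
            out["referrals"].append(url.decode())
    return out

class LDAPException(Exception):
    def __init__(self, result_code: int, message: str = ""):
        super().__init__(f"{message} (resultCode {result_code})")
        self.result_code = result_code
class LDAPReferralException(LDAPException):
    def __init__(self, referrals: list[str]):
        super().__init__(REFERRAL, "referral")
        self.referrals = referrals

class Session:
    """One LDAP connection; `outstanding` holds messageIDs still awaiting their result."""
    def __init__(self):
        self.outstanding: set[int] = set()
        self.tls_ready, self.next_id = False, 1

    def start_tls(self, send) -> None:
        """`send(request_bytes)` returns the server's reply bytes."""
        if self.outstanding:  # RFC 2830 2.1: MUST NOT request StartTLS with operations outstanding
            raise LDAPException(LOCAL_ERROR, "operations outstanding")
        mid, self.next_id = self.next_id, self.next_id + 1
        resp = parse_extended_response(send(build_starttls_request(mid)))
        if resp["message_id"] != mid:
            raise LDAPException(PROTOCOL_ERROR, "messageID mismatch")
        if resp["result_code"] == SUCCESS:
            self.tls_ready = True  # caller now runs the TLS handshake on the same socket
            return
        if resp["result_code"] == REFERRAL:
            raise LDAPReferralException(resp["referrals"])
        raise LDAPException(resp["result_code"], resp["diagnostic"])  # session unaffected

def fake_server(result_code: int, referrals: tuple[bytes, ...] = ()):
    """Constructed stand-in for the server side of the exchange."""
    return lambda req: build_extended_response(parse_message_id(req), result_code, referrals)

def try_start_tls(session: Session, send) -> str:
    """What the client must do next: 'handshake', 'referral:<urls>' or 'error:<resultCode>'."""
    try:
        session.start_tls(send)
        return "handshake"
    except LDAPReferralException as e:
        return "referral:" + ",".join(e.referrals)
    except LDAPException as e:
        return f"error:{e.result_code}"
```

`try_start_tls(Session(), fake_server(REFERRAL, (b"ldap://ldap.example.com/",)))` shows the referral case: the client gets the URL list out of the `referral [3]` component and can chase it itself, exactly as an application that is not letting the API chase referrals would. Passing `fake_server(UNWILLING_TO_PERFORM)` or `fake_server(PROTOCOL_ERROR)` shows the point Kurt raised: whatever non-success code the server sent is what the exception carries, and `tls_ready` stays false because the session is unaffected.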