[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: mutiple sasl_bind within the same ldap session (ITS#2424)

> -----Original Message-----
> From: Igor Brezac [mailto:igor@ipass.net]

> On Sun, 6 Apr 2003, Howard Chu wrote:

> > A way to make this work is to use two SASL Bind requests -
> one with no mech
> > or parameters, simply to shutdown the current SASL session,
> and then the real
> > Bind using the new SASL context. This approach needs to be
> endorsed by both
> > the SASL and LDAP protocol designers.
> >
> > Having spelled this all out, I leave it in your hands.
> The second option appears easier to implement, no changes on
> the server side.  Correct?

The server needs to be modified to support this behavior. The changes are
complicated by dependencies on TLS to support SASL/EXTERNAL.

> Or, what is worng with sasl_bind() doing a close
> and then open before it proceeds?

Nothing is wrong with this; that would make the most sense on the client

Feel free to submit patches implementing these changes.
  -- Howard