
Re: start_tls while chasing referrals

Bin Lu wrote:
> Hi,
> I noticed the following bug fix in referral chasing
> http://bugzilla.padl.com/show_bug.cgi?id=210
> This seems only to take care of the usage with pam ldap lib. What if
> the ldap connection is not from the pam lib? In that case, when an
> ldap operation reaches a referral point, would the new connection be
> consistent if the original connection is using TLS (and the referral
> url is not using ldaps)? Our test shows it is not. Please advise, if
> that is also a security hole?
> Regards,
> Wenwu


You must be using an old version of OpenLDAP (you do not mention which

This was actioned and fixed in 2005:



Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).
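
Added example, not part of the original thread and not code from OpenLDAP or pam_ldap: one way for a client to keep the TLS protection discussed above when a search returns continuation references, by turning off automatic chasing and issuing StartTLS on every plain `ldap://` referral target before binding. It assumes the python-ldap package is installed; the function names are hypothetical, and a result that is itself a referral (which raises `ldap.REFERRAL`) is not handled.

```python
from urllib.parse import urlsplit, unquote

def plan_referral(url, origin_used_tls):
    """Return (uri, needs_starttls, base_dn) for one referral URL."""
    if isinstance(url, bytes):
        url = url.decode("utf-8")
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError("refusing referral %r" % url)
    host = "[%s]" % parts.hostname if ":" in parts.hostname else parts.hostname
    port = parts.port or (636 if scheme == "ldaps" else 389)
    # A plain ldap:// target must be upgraded if the original session had TLS.
    needs_starttls = origin_used_tls and scheme == "ldap"
    base_dn = unquote(parts.path.lstrip("/"))
    return "%s://%s:%d" % (scheme, host, port), needs_starttls, base_dn

def search_with_tls_referrals(uri, bind_dn, password, base, filterstr):
    """Search over StartTLS and follow continuation references by hand."""
    import ldap  # python-ldap (assumed installed); imported lazily

    def connect(target, starttls):
        conn = ldap.initialize(target)
        conn.set_option(ldap.OPT_REFERRALS, 0)  # libldap must not chase on its own
        if starttls:
            conn.start_tls_s()  # raises on failure, so the bind never goes in clear
        conn.simple_bind_s(bind_dn, password)
        return conn

    conn = connect(uri, starttls=True)
    entries = []
    try:
        for dn, data in conn.search_s(base, ldap.SCOPE_SUBTREE, filterstr):
            if dn is not None:
                entries.append((dn, data))
                continue
            # dn is None: data is a list of referral URLs; take the first one.
            target, starttls, ref_base = plan_referral(data[0], origin_used_tls=True)
            ref = connect(target, starttls)
            try:
                found = ref.search_s(ref_base or base, ldap.SCOPE_SUBTREE, filterstr)
                entries.extend(e for e in found if e[0] is not None)
            finally:
                ref.unbind_s()
    finally:
        conn.unbind_s()
    return entries
```

Certificate verification on the referral connections follows whatever libldap is configured to require.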