[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7694) cldap fails with IPv6 due to wrong size sockaddr

On 10.10.2013 13:59, Howard Chu wrote:
> Stef Walter wrote:
>> On 10.10.2013 12:59, Howard Chu wrote:
>>> stefw@redhat.com wrote:
>>>> Full_Name: Stef Walter
>>>> Version: 2.4.35
>>>> OS: Fedora 19
>>>> Submission from: (NULL) (
>>>> Connectionless LDAP (ie: cldap enabled with -DLDAP_CONNECTIONLESS) is
>>>> broken for
>>>> IPv6 for current versions of openldap. Tested with version 2.4.35
>>>> It's not clear if this ever worked properly.
>>> No, clearly not, the code was written and deprecated before IPv6
>>> existed. Nobody should be using this code today.
>> Interesting. FWIW, the code is packaged by RHEL and Fedora, and is in
>> use by several projects.
> Can you list any of these, offhand? The original spec, RFC1798, is long
> obsoleted. There is no such thing as CLDAP in LDAPv3. Support in
> OpenLDAP was first removed back in 2000. (commit
> 25a9f7427ddc1b584a721ceb0e12690a96d3639e )
> Any apps using this must be quite ancient code and in serious need of a
> rewrite.

Well, there's still lots of libldap client code around to support LDAP
over UDP. Guarded with LDAP_CONNECTIONLESS #defines, and one can use
"cldap://xxxx"; urls with ldap_initialize() and do basic cldap searches
and so on.

Windows Server is accessed via CLDAP during discovery. Although there is
normative documentation for this, it's easier to understand via these


So things like samba, IPA, realmd, adcli, and so on ... use and support
cldap for talking with AD. I know Samba has reimplemented cldap but the
others use libldap for this.