
Re: (ITS#7694) cldap fails with IPv6 due to wrong size sockaddr



On 10.10.2013 13:59, Howard Chu wrote:
> Stef Walter wrote:
>> On 10.10.2013 12:59, Howard Chu wrote:
>>> stefw@redhat.com wrote:
>>>> Full_Name: Stef Walter
>>>> Version: 2.4.35
>>>> OS: Fedora 19
>>>> Submission from: (NULL) (46.5.2.70)
>>>>
>>>>
>>>> Connectionless LDAP (ie: cldap enabled with -DLDAP_CONNECTIONLESS) is
>>>> broken for IPv6 for current versions of openldap. Tested with version
>>>> 2.4.35.
>>>>
>>>> It's not clear if this ever worked properly.
>>>
>>> No, clearly not, the code was written and deprecated before IPv6
>>> existed. Nobody should be using this code today.
>>
>> Interesting. FWIW, the code is packaged by RHEL and Fedora, and is in
>> use by several projects.
> 
> Can you list any of these, offhand? The original spec, RFC1798, is long
> obsoleted. There is no such thing as CLDAP in LDAPv3. Support in
> OpenLDAP was first removed back in 2000. (commit
> 25a9f7427ddc1b584a721ceb0e12690a96d3639e )
> Any apps using this must be quite ancient code and in serious need of a
> rewrite.

Well, there's still lots of libldap client code around to support LDAP
over UDP. Guarded with LDAP_CONNECTIONLESS #defines, and one can use
"cldap://xxxx" urls with ldap_initialize() and do basic cldap searches
and so on.

Windows Server is accessed via CLDAP during discovery. Although there is
normative documentation for this, it's easier to understand via these
descriptions:

http://wiki.wireshark.org/MS-CLDAP
https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryDNSSites#SendingtheCLDAPping

So things like samba, IPA, realmd, adcli, and so on ... use and support
cldap for talking with AD. I know Samba has reimplemented cldap but the
others use libldap for this.

Cheers,

Stef
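
The subject line attributes the IPv6 failure to a wrong-size sockaddr. The sketch below is an added illustration of that general class of bug, not OpenLDAP code and not part of the thread. It assumes the address length was taken from a fixed struct rather than from the address family; the function names and the sample address are constructed for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
/* Fill ss from a numeric IPv4 or IPv6 literal; 0 on success, -1 otherwise. */
int parse_addr(const char *host, unsigned short port, struct sockaddr_storage *ss)
{
    struct sockaddr_in *v4 = (struct sockaddr_in *)ss;
    struct sockaddr_in6 *v6 = (struct sockaddr_in6 *)ss;
    memset(ss, 0, sizeof(*ss));
    if (inet_pton(AF_INET, host, &v4->sin_addr) == 1) {
        v4->sin_family = AF_INET;
        v4->sin_port = htons(port);
        return 0;
    }
    memset(ss, 0, sizeof(*ss)); /* discard any partial IPv4 parse */
    if (inet_pton(AF_INET6, host, &v6->sin6_addr) != 1)
        return -1;
    v6->sin6_family = AF_INET6;
    v6->sin6_port = htons(port);
    return 0;
}

/* Length to pass to sendto()/connect(), chosen from the stored family. */
socklen_t addr_len(const struct sockaddr_storage *ss)
{
    if (ss->ss_family == AF_INET)  return sizeof(struct sockaddr_in);
    if (ss->ss_family == AF_INET6) return sizeof(struct sockaddr_in6);
    return 0; /* unknown family: the caller should refuse to send */
}

/* Model a callee given only the first len bytes: 1 if intact, 0 if truncated. */
int addr_survives(const struct sockaddr_storage *ss, socklen_t len)
{
    struct sockaddr_storage seen;
    if (len > sizeof(seen)) return 0;
    memset(&seen, 0, sizeof(seen));
    memcpy(&seen, ss, len);
    return memcmp(&seen, ss, sizeof(seen)) == 0;
}

int main(void)
{
    struct sockaddr_storage ss; /* constructed sample: documentation prefix, LDAP port */
    if (parse_addr("2001:db8::1", 389, &ss) != 0) return 1;
    printf("fixed: %d, per-family: %d\n", addr_survives(&ss, sizeof(struct sockaddr)), addr_survives(&ss, addr_len(&ss)));
    return 0;
}
```

An IPv4 address fits in `sizeof(struct sockaddr)`, which is why a fixed length goes unnoticed until an IPv6 peer is used.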