[Date Prev][Date Next]
Re: LDAP_DEPRECATED in OPENLDAP_REL_ENG_2_2
At 02:27 AM 12/22/2003, Michael Ströder wrote:
>As I understand Kurt if you're deploying a proprietary simple bind mechanism which uses NULL chars you're lost with ldap_simple_bind().
My first point is that a password containing zero-valued octets
is quite valid yet ldap_simple_bind, in tended to be a low
level interface to the Simple bind operation, cannot produce
My second point, if one assumes ldap_simple_bind is a higher
level interface dealing with passwords composed of character
data, then ldap_simple_bind() lacks key functionality needed
to support such. In particular, ldap_simple_bind doesn't
"prepare" the passwords for matching.
Lastly, it was noted, that ldap_simple_bind() is one of few
new APIs interfaces which doesn't support controls.
Hallvard's point that maybe deprecating ldap_simple_bind should
wait until there is more suitable replacement than ldap_sasl_bind
is well taken. ldap_simple_bind_ext will be coming soon.
Of course, maybe we should just give up on trying to "fix" this
library and just write a new one... I've been quite close to
doing this before (I've actually started doing it a few times),
but it's more work than I want to take on right now.