[Date Prev][Date Next] [Chronological] [Thread] [Top]

Critical client controls stop ldap_unbind()

ldap_unbind() & co fail without doing anything if a critical client
control is set with ldap_set_option() or passed to ldap_unbind_ext_s().
This seems wrong, since ldap_unbind() has always been documented as the
way to both close the connection and free the LDAP structure.

Yet if some code does set a critical client control, that might be a
hack to get exactly this functionality: Temporarily protect the LDAP*
from being destroyed by some other code.

Server controls do not prevent the Unbind.  RFC 4511 says the
criticality field MUST be ignored for Unbind controls.  But that's
in the protocol.  Client controls are an LDAP API invention.

I don't know which solution to pick.  Opinions?

Maybe we should deprecate ldap_unbind... calls now that we
have ldap_destroy().  That function also sends an Unbind if it can.
But that doesn't affect existing code using ldap_unbind...().

  LDAPControl ctrl = {"", {0,""}, 1}, *ctrls[] = {&ctrl, NULL};
  LDAP *ld = ldap_open("ldap", LDAP_PORT);
  ldap_set_option(ld, LDAP_OPT_CLIENT_CONTROLS, ctrls);
  ldap_unbind_ext_s(ld, NULL, NULL);
  /* Connection remains open here... */