Re: ldap_bind_st() call



On 06/24/2011 09:15 PM, Howard Chu wrote:
> You appear to be using a very old version of OpenLDAP then.
This is correct, I am currently using openldap 2.1.30, still...

> The LDAP_OPT_TIMEOUT setting will timeout any synchronous request, and
> has done so since early 2007 at least.
... I cannot confirm this. Even when I use openldap 2.4.23 I can
reproduce my DoS-scenario by starting a 'nc -l localhost -p 389' and
performing an 'ldapsearch -l 5 -h localhost ...' which ends up in an
unresponsive ldapsearch.

>> A mailinglist-entry back from 2002 suggested the implementation
>> of a custom ldap_bind_st()-function, which I did using ldap_bind()
>> and ldap_result(). Yet, my efforts were in vain as I could not
>> retrieve the ld_error-member from LDAP-structure since it's an
>> opaque struct.
> 
> That's what ldap_get_option(,LDAP_OPT_RESULT_CODE,) is for.
Thanks, that was what I was looking for.

>> I finally ended up with a custom function which
>> essentially does what I want, but I cannot figure out
> 
>> To sum it up: any chance to get this upstream?
> No. The current code already works as desired.
I don't see that.

Regards

Thomas
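
The hang discussed in this message arises when a listener accepts the TCP connection but never sends a BindResponse, so the client-side fix is a bounded wait. The following C program is an added example, not code from the post or from OpenLDAP; it uses plain POSIX sockets instead of libldap, the names `silent_listener` and `bind_with_deadline` are hypothetical, and the `BIND_REQ` bytes are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
/* Constructed sample: anonymous LDAPv3 simple BindRequest, messageID 1 (BER). */
static const unsigned char BIND_REQ[] = {
    0x30, 0x0c, 0x02, 0x01, 0x01,   /* LDAPMessage, messageID = 1 */
    0x60, 0x07, 0x02, 0x01, 0x03,   /* BindRequest, version = 3 */
    0x04, 0x00, 0x80, 0x00          /* empty name, empty simple password */
};

/* Hypothetical: loopback listener that never accept()s or replies. Returns fd. */
int silent_listener(unsigned short *port) {
    struct sockaddr_in a = {0};
    socklen_t len = sizeof a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(fd, 1) < 0 || getsockname(fd, (struct sockaddr *)&a, &len) < 0)
        return -1;
    *port = ntohs(a.sin_port);
    return fd;
}

/* Hypothetical: returns 1 = reply readable, 0 = timed out, -1 = socket error. */
int bind_with_deadline(unsigned short port, int timeout_ms) {
    struct sockaddr_in a = {0};
    int rc = -1, fd = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&a, sizeof a) == 0 &&
        write(fd, BIND_REQ, sizeof BIND_REQ) == (ssize_t)sizeof BIND_REQ) {
        struct pollfd p = { .fd = fd, .events = POLLIN };
        rc = poll(&p, 1, timeout_ms);  /* a bare read() would block here */
        if (rc > 0 && !(p.revents & POLLIN)) rc = -1;
    }
    close(fd);
    return rc;
}

int main(void) {
    unsigned short port = 0;
    int lfd = silent_listener(&port);
    return (lfd >= 0 && bind_with_deadline(port, 500) == 0) ? 0 : 1;
}
```

The kernel completes the TCP handshake from the listen backlog, so the connect and write succeed even though nothing ever reads the request; only the deadline on the wait for the response ends the call.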