[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Order of calling ldap_bind_s() and ldap_start_tls_s()

To: "Mayers, Philip J" <p.mayers@ic.ac.uk>
Subject: Re: Order of calling ldap_bind_s() and ldap_start_tls_s()
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 19 Oct 2001 15:18:04 +0200
Cc: openldap-software <openldap-software@OpenLDAP.org>
Organization: stroeder.com
References: <A0F836836670D41183A800508BAF190B35EC6A@icex1.cc.ic.ac.uk>

"Mayers, Philip J" wrote:
> 
> Bear in mind that different SASL mechanisms *may* be available depending on
> the presence or absence of a transport-layer security (TLS, IPsec).

Yes, that's what really scares me.

> You're right, it's an interesting question.

(Sigh!)

> How about - do an anonymous LDAPv3 bind with version3, if it fails fallback
> to version 2. If it successes, read the rootDSE - if present, StartTLS.
> Then, rebind as the user.

That was also my idea. But I'm afraid that the server might not be
willing to send me the supportedExtension attribute if doing the
search bound as anonymous user. Kind of a complicated hen-and-egg
problem.

Ciao, Michael.

References:
- RE: Order of calling ldap_bind_s() and ldap_start_tls_s()
  - From: "Mayers, Philip J" <p.mayers@ic.ac.uk>

Prev by Date: RE: Order of calling ldap_bind_s() and ldap_start_tls_s()
Next by Date: Non-english characters and searches
Index(es):
- Chronological
- Thread