[Date Prev][Date Next] [Chronological] [Thread] [Top]

Protocol: Restricting operations while binding

To: <ietf-ldapbis@OpenLDAP.org>
Subject: Protocol: Restricting operations while binding
From: "Jim Sermersheim" <jimse@novell.com>
Date: Fri, 16 Apr 2004 21:05:59 -0600
Content-disposition: inline

It was recently mentioned that we should discuss whether a client is allowed to send requests while a bind response is outstanding.  
 
The problem that has arisen in the past has been with clients that send operations asynchronously along with a bind. For example:

C                  S
*----------------------
bind---------->
               workerThread(bind)
search-------->
               workerThread(search)
<--------------search resp
<--------------bind resp

This is due to the server spawning worker threads for each operation. Sometimes an operation is performed before operations sent prior.

If the client is told to block until the bind response is returned before sending subsequent responses, it can be assured that those operations will be performed using the correct authN.

I believe this goes beyond bind, to any operation that can change the authN or authZ of an association.

I don't think we can get away with a mandate. But I think a recommendation would be good.

Jim

Follow-Ups:
- Re: Protocol: Restricting operations while binding
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: "connections" (Was: protocol-22 comments)
Next by Date: control combination was: Re: protocol-22 comments)
Index(es):
- Chronological
- Thread