[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP_OPT_PROTOCOL_VERSION returning 2, when 2 not supported. (ITS#2454)

To: openldap-its@OpenLDAP.org
Subject: LDAP_OPT_PROTOCOL_VERSION returning 2, when 2 not supported. (ITS#2454)
From: jhaltom@feedbackplusinc.com
Date: Thu, 17 Apr 2003 06:00:33 GMT

Full_Name: Jerry Haltom
Version: 2.1.12
OS: Linux (Debian)
URL: 
Submission from: (NULL) (12.239.86.41)


I first noticed this problem when I upgraded to this version of OpenLDAP. Samba,
which was using LDAP for authentication information, ceased to work. Upon
examining the Samba logs, I saw Bind failure: Protocol error. This didn't help
me at all, so I went searching in Samba's source code.

Samba appeared to call ldap_get_option (ld, LDAP_OPT_PROTOCOL_VERSION,
&version). After wards version was set to 2. I assume (not having experience
with OpenLDAP's source) that this it the optimal version available?

Samba then did some checks, to make sure it knew how to handle the version
returned. It then proceeded to bind. Bind failed, saying the protocol wasn't
supported.

I wrote up a little test program to investigate this, and realized that when I
called ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, 3), bind completed
successfully. I modified Samba's code to send version 3. Samba now works.

I'm reporting this to the OpenLDAP issue tracking system because I believe my
modifications to Samba were a workaround. I think that LDAP_OPT_PROTOCOL_VERSION
shouldn't have been set to 2 when 2 wasn't supported.

If this is correct: have a nice day!

The following is my test program

#include <stdio.h>
#include <lber.h>
#include <ldap.h>
                                                                               

#define LDAPHOST "localhost"
#define LDAPPORT 389
#define ROOTDN "x"
#define ROOTPW "x"
                                                                               

main() {
        LDAP *ld;
        LDAPMessage *result;
        int nentries;
        int version;
                                                                               

        if ( (ld = ldap_init(LDAPHOST, LDAPPORT)) == NULL) {
                perror("ldap_init");
                return( 1 );
        }
                                                                               

        if ( ldap_get_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) !=
LDAP_OPT_SUCCESS) {
                ldap_perror( ld, "Could not get version" );
                return( 1 );
        }
                                                                               

        printf("%d", version); // This prints out 2
        //version = 3; // this fixes the bind. But its strange that it was 2 by
default.
                                                                               

        ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version);
                                                                               

        if( ldap_simple_bind_s( ld, ROOTDN, ROOTPW ) != LDAP_SUCCESS) {
                ldap_perror( ld, "bind ->>>" );
                ldap_unbind( ld );
                return( 1 );
        }
                                                                               

                                                                               

        printf("The SERVER is UP\n");
}

Prev by Date: RE: ldap_sasl_interactive_bind_s leaks? (ITS#2423)
Next by Date: (ITS#2449)
Index(es):
- Chronological
- Thread