[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: referrals

To: openldap-devel@openldap.org
Subject: Re: referrals
From: Robert Streich <streich@austin.apc.slb.com>
Date: Wed, 28 Oct 1998 14:59:55 -0600 (CST)
Content-md5: /iBMErUODogTKHA6gU2kSQ==

> h.b.furuseth@usit.uio.no said:
> > Send proper LDAPv3 referrals to v3 clients.
> > Retain the current behaviour when talking to v2 clients: Fake
> > referrals in the errorMessage field, and a return code which does not
> > exist in rfc1777. 
> 
> Right. The client can announce which version it desires to use in it's Bind 
> operation. In v3, the client doesn't have to bind first, so nominally the 
> client is indicating it wants to do v3 if it simply starts firing away with 
> protocol operations other than a Bind.
> 
> However, the server implementer can give the server administrator config 
> choices to select just what behavior is desired, e.g...
> 
> 	[hypothetical slapd.conf or equivalent]
> 	- speak with [ v2 | v3 | v2&v3 ] clients.
> 	- do UMich-style v2 referrals [ yes | no ]
> 	- assume client who queries w/o binding a v3 client [ yes | no ]

Hmmm. I don't think that last option should be included. The RFC is
pretty clear on that one (section 4, 2251):

   ... If a client has not sent
   a bind, the server MUST assume that version 3 is supported in the
   client (since version 2 required that the client bind first).

bob

Prev by Date: Re: referrals
Next by Date: LDAPS (LDAP over SSL) client authentication
Index(es):
- Chronological
- Thread