[Date Prev][Date Next] [Chronological] [Thread] [Top]


At 02:27 AM 12/22/2003, Michael Ströder wrote:
>As I understand Kurt if you're deploying a proprietary simple bind mechanism which uses NULL chars you're lost with ldap_simple_bind(). 

My first point is that a password containing zero-valued octets
is quite valid yet ldap_simple_bind, in tended to be a low
level interface to the Simple bind operation, cannot produce

My second point, if one assumes ldap_simple_bind is a higher
level interface dealing with passwords composed of character
data, then ldap_simple_bind() lacks key functionality needed
to support such.  In particular, ldap_simple_bind doesn't
"prepare" the passwords for matching.

Lastly, it was noted, that ldap_simple_bind() is one of few
new APIs interfaces which doesn't support controls.

Hallvard's point that maybe deprecating ldap_simple_bind should
wait until there is more suitable replacement than ldap_sasl_bind
is well taken.  ldap_simple_bind_ext will be coming soon.

Of course, maybe we should just give up on trying to "fix" this
library and just write a new one...  I've been quite close to
doing this before (I've actually started doing it a few times),
but it's more work than I want to take on right now.