RE: Order of calling ldap_bind_s() and ldap_start_tls_s()
Bear in mind that different SASL mechanisms *may* be available depending on
the presence or absence of a transport-layer security (TLS, IPsec). You're
right, it's an interesting question.
How about - do an anonymous LDAPv3 bind with version 3; if it fails, fall back
to version 2. If it succeeds, read the rootDSE - if present, StartTLS.
Then, rebind as the user.
Regards,
Phil
+------------------------------------------+
| Phil Mayers |
| Network & Infrastructure Group |
| Information & Communication Technologies |
| Imperial College |
+------------------------------------------+
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: 19 October 2001 13:46
To: openldap-software
Subject: Order of calling ldap_bind_s() and ldap_start_tls_s()
HI!
I wonder how a generic LDAP client should behave when connecting to
an unknown LDAP server with unknown version/features/extensions and
Start TLS should be used if available.
At the moment I'm trying to do an LDAPv3 bind and switch back to
LDAPv2 if the server returns LDAP_UNSUPPORTED_VERSION. However, the
error is only returned after doing a ldap_bind_s().
Now I would like to know if it's appropriate to try a LDAPv3 bind,
read the root DSE and use ldap_starttls_s() afterwards if the server
announces Start TLS (1.3.6.1.4.1.1466.20037) in attribute
supportedExtension of its root DSE.
Ciao, Michael.
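The sequence Phil proposes (anonymous LDAPv3 bind, fall back to LDAPv2 on the version error, read the root DSE, StartTLS if 1.3.6.1.4.1.1466.20037 is in supportedExtension, then rebind as the user), modelled as an added example that is not code from the thread or from OpenLDAP. It uses a constructed mock server instead of a real LDAP library so that the order of operations, and whether the password crossed the wire before TLS was up, can be checked offline. The result codes are the RFC 2251 values (RFC 2251 has a server answer a bind with an unsupported version with protocolError, which is what the thread calls LDAP_UNSUPPORTED_VERSION); the `require_tls` flag, the MockServer class and the user database are assumptions added here, not anything the posters describe.

```python
# Added example (not from the thread): a mock of the client/server exchange
# described by Phil, so the order of operations can be checked offline.
from dataclasses import dataclass, field

START_TLS_OID = "1.3.6.1.4.1.1466.20037"   # Start TLS extended operation, as quoted in the thread

# LDAP result codes (RFC 2251). A bind with an unsupported protocol version is
# answered with protocolError; RFC 2830 uses the same code for a StartTLS
# request the server does not support.
LDAP_SUCCESS = 0
LDAP_PROTOCOL_ERROR = 2
LDAP_INVALID_CREDENTIALS = 49


@dataclass
class MockServer:
    """Constructed stand-in for an unknown server (assumption, not a real
    library): which protocol versions it speaks, whether it advertises
    StartTLS, and a toy user database for simple binds."""
    versions: tuple = (2, 3)
    start_tls: bool = True
    users: dict = field(default_factory=dict)
    tls_active: bool = False
    log: list = field(default_factory=list)   # (operation, over_tls) as seen on the wire

    def bind(self, version, dn, password):
        self.log.append((f"bind v{version} {dn or '<anonymous>'}", self.tls_active))
        if version not in self.versions:
            return LDAP_PROTOCOL_ERROR
        if dn == "":                              # anonymous simple bind
            return LDAP_SUCCESS
        return LDAP_SUCCESS if self.users.get(dn) == password else LDAP_INVALID_CREDENTIALS

    def read_root_dse(self):
        self.log.append(("search rootDSE", self.tls_active))
        return {
            "supportedLDAPVersion": [str(v) for v in sorted(self.versions)],
            "supportedExtension": [START_TLS_OID] if self.start_tls else [],
        }

    def start_tls_op(self):
        self.log.append(("extended StartTLS", self.tls_active))
        if not self.start_tls:
            return LDAP_PROTOCOL_ERROR
        self.tls_active = True
        return LDAP_SUCCESS


class LdapClientError(Exception):
    pass


def connect_and_bind(server, user_dn, password, require_tls=True):
    """Phil's sequence: anonymous v3 bind, fall back to v2 on protocolError,
    read the root DSE, StartTLS if advertised, then rebind as the user.
    `require_tls` is an addition here: refuse to send the password in the clear."""
    version = 3
    rc = server.bind(3, "", "")
    if rc == LDAP_PROTOCOL_ERROR:               # the error Michael only sees after ldap_bind_s()
        version = 2
        rc = server.bind(2, "", "")
    if rc != LDAP_SUCCESS:
        raise LdapClientError(f"anonymous bind failed: rc={rc}")

    tls = False
    if version == 3:                            # root DSE and supportedExtension are LDAPv3 features
        dse = server.read_root_dse()
        if START_TLS_OID in dse.get("supportedExtension", []):
            rc = server.start_tls_op()
            if rc != LDAP_SUCCESS:
                raise LdapClientError(f"server advertised StartTLS but refused it: rc={rc}")
            tls = True

    if require_tls and not tls:
        raise LdapClientError("no TLS available; refusing to send credentials in the clear")

    rc = server.bind(version, user_dn, password)  # the only bind that carries a password
    if rc != LDAP_SUCCESS:
        raise LdapClientError(f"bind as {user_dn} failed: rc={rc}")
    return {"version": version, "tls": tls}


if __name__ == "__main__":
    srv = MockServer(users={"cn=alice,o=example": "s3cret"})
    print(connect_and_bind(srv, "cn=alice,o=example", "s3cret"), srv.log)
```

Two practical points the mock makes visible: the root DSE is read over the still-unprotected connection, so an active attacker who strips supportedExtension from that answer can make an "opportunistic" client silently downgrade, which is why the password bind is gated on `require_tls` rather than on what the server advertised; and against an LDAPv2-only server there is no root DSE to consult, so the only choices are cleartext credentials or a refused connection.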