cURL / Mailing Lists / curl-library / Single Mail

curl-library

I have broken WinLDAP with v3 servers...

From: Guenter Knauf <eflash_at_gmx.net>
Date: Fri, 14 Sep 2007 14:33:23 +0200

Hi,
yeah, seems I'm good at the moment with breaking things;
with all my testing I didnt realize that the WinLDAP stuff got now broken with v3 servers;
I tested and tested, but didnt find that because I tested always against my NetWare LDAP servers which seem to support both v2 and v3; and against other servers I tested only with LDAPS which anyway wouldnt work with WinLDAP unless certs are in local cert store which I didnt test with.
The first problem is that WinLDAP defaults to v2;
the second problem is that WinLDAP doesnt honor:
ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
my fault - I should probably have checked the return value....
instead it seems that we can set the protocol version with WinLDAP only _after_ the connection is established:
ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);

for now I have only a quick hack which fixes the issue with another #ifdef:

--- ldap.c.orig Sat Aug 25 14:10:30 2007
+++ ldap.c Fri Sep 14 14:05:04 2007
@@ -120,7 +120,7 @@
   LDAPMessage *entryIterator;
   int num = 0;
   struct SessionHandle *data=conn->data;
- int ldap_proto;
+ int ldap_proto = LDAP_VERSION3;
   int ldap_ssl = 0;
   char *val_b64;
   size_t val_b64_sz;
@@ -153,7 +153,6 @@
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
   ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout);
 #endif
- ldap_proto = LDAP_VERSION3;
   ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
 
   if (ldap_ssl) {
@@ -289,6 +288,9 @@
       goto quit;
     }
   }
+#ifdef CURL_LDAP_WIN
+ ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto);
+#endif
 
   rc = ldap_simple_bind_s(server,
                           conn->bits.user_passwd ? conn->user : NULL,

for the users who might run into this problem please either apply the above patch which restores previous functionality, or compile with OpenLDAP or Novell CLDAP libraries (see INSTALL for download links to these SDKs).

I will soon look again into this, probably it can be done better;
but I'm extremly short of time at the moment, so every better suggestion welcome!

Sorry about that.

Guen.
Received on 2007-09-14