[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Inconsistency with failed binds

To: <h.b.furuseth@usit.uio.no>, <ietf-ldapbis@OpenLDAP.org>
Subject: Re: Inconsistency with failed binds
From: "Jim Sermersheim" <jimse@novell.com>
Date: Mon, 02 Dec 2002 18:02:11 -0700
Cc: "Roger Harrison" <RHARRISON@novell.com>
Content-disposition: inline

>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 12/01 2:02 PM >>>
>[Protocol] 4.2.1, last paragraph, says:
>   if the bind fails, the connection will be treated as anonymous.
>
>However, the state machine in [Authmeth] 6.4 shows several instances of
>failed binds (action A2) resulting in authenticated state (state S4-S8).

I've changed the text to read: 
"Authentication from earlier binds are subsequently ignored. A failed or abandoned Bind Operation has the effect of leaving the connection in an anonymous state. To arrive at a known authentication state after abandoning a bind operation, clients may either unbind, rebind, or make use of the BindResponse."

Hopefully this covers it.

>BTW, there is no action defined in [Authmeth] 6.2 for a bind with
>incorrect credentials, only without credentials when the server requires
>them.
>
>Maybe action A1 (anonymous bind) should be extended to cover that,
>and maybe A2 should be merged into it as well?

I'll let Roger address those

>-- 
>Hallvard

Thanks. Jim

Prev by Date: Re: Continuation reference to root DN
Next by Date: Re: TLS closure and outstanding operations
Index(es):
- Chronological
- Thread