Re: LDAPBind as defined in draft-ietf-ldapext-ldap-java-api-11.txt
It is unclear from the draft how the LDAPConnection object must be
used by an application implementing the LDAPBind interface.
I am guessing that the LDAPConnection object passed to the bind()
method of the LDAPBind implementation is a new LDAPConnection object
created by automatic referral following code in the original LDAPConnection
object. The object contains the AuthenticationDN and
AuthenticationPassword from the LDAPConnection that the continuation
reference was received on. The Host and Port are filled in from the
referral/reference host & port. When passed to the bind() method,
neither connect nor bind has been performed on this LDAPConnection
object.
In order to make this work, I believe the implementation of the
LDAPBind.bind() method MUST use the LDAPConnection object, which
was passed as a parameter, to perform its connect and bind calls.
It then returns success if both operations succeed. The original
LDAPConnection object referral handling code can then use the
new LDAPConnection object when it resends the search request,
updated with the new search base and possibly search filter.
The above should be clarified in the draft.
It seems that the LDAPRebind interface would be easier to implement if
additional data were provided in the new LDAPConnection object. Such as:
1. A reference to the LDAPSocketFactory class from the original LDAPConnection
object. This allows it to connect in the same way as the original connection.
2. An LDAPConstraints object containing a reference to the LDAPRebind object
from the original LDAPConnection object. The LDAPBind.bind() method may
want to get authentication information using an LDAPRebindAuth object, and
this gives it a way to do that.
3. The protocol version used in the connect/bind of the original
object. This allows the LDAPBind.bind function to bind with the same protocol
version used in the original connection.
4. The mechanism used when binding. This could be the mechanism used on the
bind in the original LDAPConnection object, or perhaps LDAPRebindAuth could
be modified to provide the triplet - UserDN, Password, and Mechanism for the
specified host.
IMO the above changes would give the application, using explicit bind,
greater flexibility when dealing with referrals / continuation references
during automatic referral following.
Comments?
Thanks,
Steve
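As an added illustration of the reading in the message above (not code from the draft or from any implementation of it): an LDAPBind implementation that connects and binds on the LDAPConnection it is handed, takes host-specific credentials from an LDAPRebind when one is available (point 2), reuses the original protocol version (point 3), and refuses to send credentials to a referral host the application has not approved. The package name org.ietf.ldap, the bind(LDAPConnection) signature, the LDAPException constructor and the accessor names are assumptions about the draft API, not taken from the text.

```java
import java.util.Set;
import org.ietf.ldap.LDAPBind;
import org.ietf.ldap.LDAPConnection;
import org.ietf.ldap.LDAPException;
import org.ietf.ldap.LDAPRebind;
import org.ietf.ldap.LDAPRebindAuth;

// Hypothetical LDAPBind implementation; package, interface signature and
// accessor names are assumed from the description of the draft API above.
public class ReferralBind implements LDAPBind {
    private final Set<String> trustedHosts;  // hosts we are willing to send credentials to
    private final LDAPRebind rebind;         // optional per-host credential source (point 2)
    private final int protocolVersion;       // protocol version of the original bind (point 3)

    public ReferralBind(Set<String> trustedHosts, LDAPRebind rebind, int protocolVersion) {
        this.trustedHosts = trustedHosts;
        this.rebind = rebind;
        this.protocolVersion = protocolVersion;
    }

    // Called with a fresh, not yet connected LDAPConnection whose host/port come
    // from the referral and whose DN/password come from the original connection.
    public void bind(LDAPConnection conn) throws LDAPException {
        String host = conn.getHost();
        int port = conn.getPort();

        // A referral can name any server. Only replay credentials to hosts the
        // application has explicitly approved; otherwise fail the referral.
        if (host == null || !trustedHosts.contains(host.toLowerCase())) {
            throw new LDAPException("refusing referral to untrusted host " + host,
                                    LDAPException.CONNECT_ERROR);
        }

        // Default to the credentials carried over from the original connection;
        // an LDAPRebind may supply different ones for this particular host.
        String dn = conn.getAuthenticationDN();
        String password = conn.getAuthenticationPassword();
        if (rebind != null) {
            LDAPRebindAuth auth = rebind.getRebindAuthentication(host, port);
            if (auth != null) {
                dn = auth.getDN();
                password = auth.getPassword();
            }
        }

        // Connect and bind on the object we were given, so the caller's referral
        // code can resend the search on this same connection afterwards.
        conn.connect(host, port);
        conn.bind(protocolVersion, dn, password);
    }
}
```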