Re: start_tls while chasing referrals
- To: Bin Lu <wenwu.lu@gmail.com>
- Subject: Re: start_tls while chasing referrals
- From: Gavin Henry <ghenry@suretecsystems.com>
- Date: Fri, 06 Jul 2007 11:29:52 +0100
- Cc: openldap-bugs <openldap-bugs@openldap.org>
- In-reply-to: <ff16e1ea0706051511y7cfebba3oea3e1c6e8bd18f79@mail.gmail.com>
- Organization: Suretec Systems Ltd.
- References: <ff16e1ea0706051511y7cfebba3oea3e1c6e8bd18f79@mail.gmail.com>
- User-agent: Thunderbird 2.0.0.4 (X11/20070604)
Bin Lu wrote:
> Hi,
>
> I noticed the following bug fix in referral chasing
>
> http://bugzilla.padl.com/show_bug.cgi?id=210
>
> This seems only to take care of the usage with pam ldap lib. What if
> the ldap connection is not from the pam lib? In that case, when an
> ldap operation reaches a referral point, would the new connection be
> consistent if the original connection is using TLS (and the referral
> url is not using ldaps)? Our test shows it is not. Please advise, if
> that is also a security hole?
>
> Regards,
> Wenwu
Hi,
You must be using an old version of OpenLDAP (you do not mention which
version).
This was actioned and fixed in 2005:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3791;selectid=3791;usearchives=1;statetype=-1
Thanks.
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
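
The consistency question raised in this thread, as an added example that is not part of either message and is not OpenLDAP code: a client-side policy that decides how a referral hop must be opened so it is no weaker than the connection that received the referral, plus an audit of observed hops. The state names, `plan_hop`, `find_downgrades` and the sample hosts are assumptions of this example.

```python
from urllib.parse import urlsplit

# Security state of the connection that received the referral.
# These names belong to this example; they are not libldap identifiers.
PLAIN, STARTTLS, LDAPS = "plain", "starttls", "ldaps"


def plan_hop(original: str, referral_url: str) -> str:
    """Return how a referral hop must be opened so that it is no weaker
    than the original connection: 'ldaps', 'starttls', 'plain' or 'refuse'."""
    parts = urlsplit(referral_url.strip())
    scheme = parts.scheme.lower()
    if not parts.hostname:
        return "refuse"      # no explicit host: this policy will not guess one
    if scheme == "ldaps":
        return "ldaps"       # TLS is negotiated as soon as the socket connects
    if scheme != "ldap":
        return "refuse"      # not an LDAP URL
    if original in (STARTTLS, LDAPS):
        return "starttls"    # plain ldap:// URL, but the hop must be upgraded
    return "plain"           # original was unprotected; nothing to preserve


def find_downgrades(original: str, hops):
    """hops: iterable of (referral_url, tls_was_used) pairs observed while
    chasing referrals. Returns the URLs contacted without TLS although the
    policy above required it."""
    return [url for url, tls_was_used in hops
            if plan_hop(original, url) in ("starttls", "ldaps")
            and not tls_was_used]


# Constructed sample: hops recorded while a StartTLS session chased referrals.
SAMPLE_HOPS = [
    ("ldap://dir2.example.com/ou=People,dc=example,dc=com", False),
    ("ldaps://dir3.example.com:636/ou=Groups,dc=example,dc=com", True),
    ("ldap://dir4.example.com/ou=Hosts,dc=example,dc=com", True),
]

if __name__ == "__main__":
    for url, _ in SAMPLE_HOPS:
        print(plan_hop(STARTTLS, url), url)
    print("downgraded hops:", find_downgrades(STARTTLS, SAMPLE_HOPS))
```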