
dirmngr should be able to use LDAPv3
Closed, Resolved | Public

Description

dirmngr is not able to query LDAPv3 servers (e.g. ldap1.pca.dfn.de). The reason
is that libldap uses only v3 by default for compatibility reasons.

http://linux.die.net/man/3/ldap_set_option says:
"The protocol version used by the library defaults to LDAPv2 (now historic),
which corresponds to the LDAP_VERSION2 macro. Application developers are
encouraged to explicitly set LDAP_OPT_PROTOCOL_VERSION to LDAPv3, using the
LDAP_VERSION3 macro, or to allow users to select the protocol version."

There should be at least the possibility to select v3 explicitly, if not drop
support for v2 completely: v3 was proposed in 1997...

Another (probably ugly) possibility would be to try v2 and switch to v3 if the
server responds with "protocol error" (see
http://tools.ietf.org/html/rfc2251#section-4.2.3 ) to the bind request.
This is what actually happens with ldap1.cpa.dfn.de.
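
The fallback suggested in the description, reduced to its decision step, as an added example that is not from the report or from GnuPG: it parses the bind response and allows a retry with v3 only after a v2 bind was answered with protocolError. The function names, RC_PROTOCOL_ERROR and the sample bytes are constructed for illustration, and only definite-length BER is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RC_PROTOCOL_ERROR 2  /* resultCode protocolError (RFC 2251) */
/* Constructed sample: LDAPMessage { id 1, BindResponse { protocolError, "", "" } } */
static const uint8_t SAMPLE_PROTOCOL_ERROR[] = {
    0x30, 0x0c, 0x02, 0x01, 0x01, 0x61, 0x07, 0x0a, 0x01, 0x02, 0x04, 0x00, 0x04, 0x00 };

/* Read one BER header (definite lengths only); leaves *pos at the content. */
static int ber_header(const uint8_t *buf, size_t n, size_t *pos, uint8_t *tag, size_t *len)
{
    if (n - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    uint8_t b = buf[(*pos)++];
    *len = b;
    if (b & 0x80) {                      /* long form: low 7 bits count length octets */
        size_t k = b & 0x7f;
        if (k == 0 || k > sizeof(size_t) || k > n - *pos) return -1;
        for (*len = 0; k > 0; k--) *len = (*len << 8) | buf[(*pos)++];
    }
    return (*len <= n - *pos) ? 0 : -1;  /* content must fit in the buffer */
}

/* BindResponse resultCode, or -1 if buf is not a well-formed BindResponse message. */
int bind_result_code(const uint8_t *buf, size_t n)
{
    size_t pos = 0, len;
    uint8_t tag;
    if (ber_header(buf, n, &pos, &tag, &len) || tag != 0x30) return -1;  /* SEQUENCE */
    n = pos + len;                                                       /* stay inside it */
    if (ber_header(buf, n, &pos, &tag, &len) || tag != 0x02) return -1;  /* messageID */
    pos += len;
    if (ber_header(buf, n, &pos, &tag, &len) || tag != 0x61) return -1;  /* [APPLICATION 1] */
    n = pos + len;
    if (ber_header(buf, n, &pos, &tag, &len) || tag != 0x0a || len != 1) return -1;
    return buf[pos];                                                     /* ENUMERATED value */
}

/* Only ever upgrade: retry with v3 when a v2 bind was refused with protocolError. */
int should_retry_with_v3(int sent_version, const uint8_t *resp, size_t n)
{
    return sent_version == 2 && bind_result_code(resp, n) == RC_PROTOCOL_ERROR;
}

int main(void)
{
    printf("retry with v3: %d\n", should_retry_with_v3(2, SAMPLE_PROTOCOL_ERROR, sizeof SAMPLE_PROTOCOL_ERROR));
    return 0;
}
```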

Event Timeline

werner added a subscriber: werner.

Original report was for the dirmngr package. Won't fix it there.

(At least) 2.1.9 should support version 3 (see dirmngr/ks-engine-ldap.c:492).
If this is still not working, please reopen this bug. Thanks.

neal claimed this task.