--On Thursday, May 13, 2004 1:02 AM +0200 Denis Gervalle <[EMAIL PROTECTED]>
wrote:
Your patch fix the flaw I talk about in my two previous e-mails. (Do not
forget the main trunk which has the same flaw.)
I agree with all you said, except that my patch (Bug 27134) do not make
unnecessary rebind. The main difference between your solution and mine is
that I delegate the rebinding of the connection for userid checking to
the util_ldap_connection_open in place of simulating it directly with a
direct call to ldap_simple_bind_s.
I re-ran my test cases, comparable to the tests I did on util_ldap.c
version 1.24, described in my comments under bug 27134, and this time the
results were all correct, where as with 1.24 the majority were wrong.
This tends to confirm empirically that the problem causing incorrect
authentication results is fixed by the patch.
(The number of TCP sockets to the LDAP server used seemed reasonable too,
though I didn't look at that very closely.)
This was basically sticking util_ldap.c v1.3.27 with today's patch added,
in with the rest of the files taken from the 2.0.49 distribution.
(Starting with some more recent CVS for the other files might be a better
test of things as a whole, but I wanted not to change too many factors at
once.)
--
Albert Lunde [EMAIL PROTECTED]
[EMAIL PROTECTED] (new address for personal mail)
[EMAIL PROTECTED] (old address)
