> Does anybody know if a bind request has to be issued to an LDAP > server before a search request can be issued? Does the protocol > specify an order?
LDAPv3 specifically provides for the concept of "implied anonymous binds." These occur when the first operation sent over a new socket is a non-bind operation (such as a search or compare); LDAPv3 servers are to treat such connections _as if_ an anonymous bind has been successfully performed before the non-bind operation is executed. However, it remains best practice to explicitly perform either an anonymous or an authenticated bind before searches. Yes, at the wire level, leaving out the bind step completely will indeed save packets, and in a situation where separate connections are expected to be constantly built up and torn down, this can improve performance. But expecting implied anonymous binds to be fully supported by all back ends is reckless, and good LDAP code would allow these to be toggled on or off. In this case, the implied anonymous search may be used just to get defaultNamingContext information (though this could just as readily be retrieved after the bind) and might not be further (ab)used. Your packet trace will show you whether they are only attempting to get such root info on the first call, or whether indeed their order-of-ops is completely screwy. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
