On Thu, Sep 26, 2002 at 02:45:51PM +0300, Mike Jackson wrote: > Claudio Jeker ([EMAIL PROTECTED]) wrote: > > On Mon, Sep 16, 2002 at 04:37:21PM +0300, Mike Jackson wrote: > > > Hi, > > > I made a small fix, since the v2 libs didn't support ldap_set_option(), > > > I just removed it from the v2 section. Sorry for missing it the first > > > time! > > > > > > > I finaly found some time to have a closer look at your patch. > > I started to add it to our patch but I have some question and comments: > > Your mentioning that ldap_set_option() is not supported in the v2 libs. > > I realized that in my old OpenLDAP 1.2.x libs there is no such function > > ldap_set_option() (this is why we had the block #ifdef-ed). > > I also see that my OpenLDAP 2.0.x libs do have both ldap_set_option() and > > LDAP_VERSION2 so I do not understand your comment about the > > ldap_set_option() support. > > Hi, > I think you, along with many others, are confused by the confusing > version numbers between OpenLDAP and the LDAP protocol. > > OpenLDAP 1.x libs only speak LDAPv2 protocol - no need for > ldap_set_option() >
It also has no ldap_set_option() symbol defined. > OpenLDAP 2.x libs speak both LDAPv2 and LDAPv3 protocol - > ldap_set_option() can specify the protocol version to bind with > > OpenLDAP 2.x libs default to LDAPv2 bind, in compliance with the > internet draft regarding C LDAP API. This is really stupid, imho. > > LDAPv2 protocol should only be supported for backward compatibility at > this point. > > According to the RFC 2251 section 4.2, applications today should first > attempt to do an LDAPv3 connect and if unsuccessful, then they should close > the connection and do an LDAPv2 connect. > > This is was your code does. Does anybody know if there is a ldap-sdk that tries to connect using LDAPv1 protocol or needs an explicit call to ldap_set_option() to get a correct connection? Netscape / Sun ? > > I removed the stuff with the error number LDAP_VERSION_ERROR, it is not > > needed becasue it is not en error. > > If the connect with version 2 is successful there is no need for an error. > > > > It is necessary, because the error is in relation to an attempted LDAPv3 > bind being not supported. > The error is not an error and so the qldap_errno is overridden by the next error. Therfor I think it is impossible to get the LDAP_VERSION_ERROR. We will see... -- :wq Claudio
