Kurt@OpenLDAP.org wrote:
On Apr 8, 2010, at 3:58 PM, hyc@symas.com wrote:
Sounds like your servers are mis-configured, it is not legal to send a
referral in response to a Bind request.
I note that the technical specification doesn't actually preclude return of a referral in response to a Bind request. However, in practice, such return is quite problematic due to ambiguous semantics and security considerations.
Right. I can't find the discussion we had about this back in 2004, but certainly we've already hashed this out in great detail before.
The fact is that acting on a referral simply means performing a Bind against some other server. It does nothing for the authentication state of the session on the original server.