ando@sys-net.it wrote:
h.b.furuseth@usit.uio.no wrote:
ando@sys-net.it writes:
Proxy backends use ldap_set_option(3) to set alias dereferencing when requested by a search operation (and do not clean it up afterwards, as far as I can tell). Since LDAP handlers are pooled and reused, this behavior is inherently broken.
I note you committed this with an ldap_int_* interface.
Yes, that's because I needed it internally.
I think ldap_pvt would make more sense.
I recall complaining about this deficiency in the API back in 1998, when I first wrote back-ldap. Alias deref has always been a part of the protocol, but it has always been missing from the API. Perplexing...
But it could be useful outside OpenLDAP code too.
Yes, that will probably be the next step. But to make it publicly available I should have called it ldap_search_ext2, or ldap_search_really_ext or something like that. I think we need to make it public based on demand and after a ballot on the name.
Ok.
Seems to me this is what client-side controls are for. Extending the client-side functionality without needing a new API.
Well, since alias dereferencing is part of the protocol, I think using a client-side control is sort of an overkill :)
Agreed.
-
hyc@symas.com