On 10.10.2013 13:59, Howard Chu wrote:
Stef Walter wrote:
On 10.10.2013 12:59, Howard Chu wrote:
stefw@redhat.com wrote:
Full_Name: Stef Walter
Version: 2.4.35
OS: Fedora 19
Submission from: (NULL) (46.5.2.70)
Connectionless LDAP (i.e., cldap enabled with -DLDAP_CONNECTIONLESS) is broken for IPv6 for current versions of OpenLDAP. Tested with version 2.4.35.
It's not clear if this ever worked properly.
No, clearly not, the code was written and deprecated before IPv6 existed. Nobody should be using this code today.
Interesting. FWIW, the code is packaged by RHEL and Fedora, and is in use by several projects.
Can you list any of these, offhand? The original spec, RFC1798, is long obsoleted. There is no such thing as CLDAP in LDAPv3. Support in OpenLDAP was first removed back in 2000 (commit 25a9f7427ddc1b584a721ceb0e12690a96d3639e). Any apps using this must be quite ancient code and in serious need of a rewrite.
Well, there's still lots of libldap client code around to support LDAP over UDP. Guarded with LDAP_CONNECTIONLESS #defines, and one can use "cldap://xxxx" URLs with ldap_initialize() and do basic cldap searches and so on.
Windows Server is accessed via CLDAP during discovery. Although there is normative documentation for this, it's easier to understand via these descriptions:
http://wiki.wireshark.org/MS-CLDAP
https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryDNSSites#Sendin...
So things like samba, IPA, realmd, adcli, and so on ... use and support cldap for talking with AD. I know Samba has reimplemented cldap but the others use libldap for this.
Cheers,
Stef