In our docs, should we use the term "Fast Bind", i.e. when a client supplies a full DN and also a password, or is it misleading?
I've seen this referenced in other documentation and Cyrus SASL.
In our docs, should we use the term "Fast Bind", i.e. when a client supplies a full DN and also a password, or is it misleading? I've seen this referenced in other documentation and Cyrus SASL.
"Fast Bind" to me refers to an extended operation supported by Active Directory.
http://msdn2.microsoft.com/en-us/library/Aa367028.aspx "Concurrent bind, also known as fast bind, enables an application to determine if multiple users have valid IDs and passwords and if their accounts are enabled. By using concurrent binding, the application can request multiple bind operations by way of a single LDAP connection.
Unlike a normal LDAP bind, a concurrent bind does not determine a user group association or build a security token; it only determines if the user has a valid ID and password. This enables the concurrent bind to complete in a fraction of the time of a normal bind."
Gavin Henry wrote:
In our docs, should we use the term "Fast Bind", i.e. when a client supplies a full DN and also a password, or is it misleading?
I've seen this referenced in other documentation and Cyrus SASL.
No. what you term "fast bind" is just a SIMPLE bind (RFC 4511). In other documents (like this http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/using_ldap_for_password_authentication.asp) it might be improperly termed like that as opposed to bind procedures that involve other methods, like SASL.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
<quote who="Pierangelo Masarati">
Gavin Henry wrote:
In our docs, should we use the term "Fast Bind", i.e. when a client supplies a full DN and also a password, or is it misleading?
I've seen this referenced in other documentation and Cyrus SASL.
No. what you term "fast bind" is just a SIMPLE bind (RFC 4511). In other documents (like this http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/using_ldap_for_password_authentication.asp) it might be improperly termed like that as opposed to bind procedures that involve other methods, like SASL.
OK, I was a little confused.
Ta.
Adam Tauno Williams wrote:
"Fast Bind" to me refers to an extended operation supported by Active Directory.
http://msdn2.microsoft.com/en-us/library/Aa367028.aspx "Concurrent bind, also known as fast bind, enables an application to determine if multiple users have valid IDs and passwords and if their accounts are enabled. By using concurrent binding, the application can request multiple bind operations by way of a single LDAP connection.
Unlike a normal LDAP bind, a concurrent bind does not determine a user group association or build a security token; it only determines if the user has a valid ID and password. This enables the concurrent bind to complete in a fraction of the time of a normal bind."
Yes: yet another limitation of AD sold as an exiting feature, but nothing more than the old simple bind. So let's keep using the right name.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------
<quote who="Pierangelo Masarati">
Adam Tauno Williams wrote:
"Fast Bind" to me refers to an extended operation supported by Active Directory.
http://msdn2.microsoft.com/en-us/library/Aa367028.aspx "Concurrent bind, also known as fast bind, enables an application to determine if multiple users have valid IDs and passwords and if their accounts are enabled. By using concurrent binding, the application can request multiple bind operations by way of a single LDAP connection.
Unlike a normal LDAP bind, a concurrent bind does not determine a user group association or build a security token; it only determines if the user has a valid ID and password. This enables the concurrent bind to complete in a fraction of the time of a normal bind."
Yes: yet another limitation of AD sold as an exiting feature, but nothing more than the old simple bind. So let's keep using the right name.
Good. I'll forget I ever heard/read it. ;-)
Gavin.
-
Adam Tauno Williams -
Gavin Henry -
Pierangelo Masarati