On 3/25/22 15:40, thomaswilliampritchard@gmail.com wrote:
> When it comes to, for example, sending a bind, a search, a bind (different user), and a search, when I send those serially without waiting for a response, are there any guarantees around getting successful bind responses before search results?
No. This does not work.
You could use two separate LDAP connections: 1. for identifying the user with an asynchronous search operation and 2. for sending bind operations synchronously, waiting for the bind response. This might save some round-trips at a lower level.
Or you're verifying the password hash and password policy yourself. This would require that the LDAP client has read access to password hashes.
Or, in case the server is a recent OpenLDAP slapd, you might want to look into using the Verify Credentials extended operation.
Ciao, Michael.
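
The two-connection approach suggested in the reply above, as an added example that is not code from this thread: searches are pipelined on one connection while binds are sent one at a time on another. It assumes python-ldap connection objects (as returned by `ldap.initialize()`), users located by a `uid` attribute, and hypothetical function names.

```python
# Added example: works with python-ldap connection objects (ldap.initialize(...)).
try:
    import ldap
    InvalidCredentials = ldap.INVALID_CREDENTIALS
except ImportError:  # assumption: lets the logic run with stand-in connections
    class InvalidCredentials(Exception):
        pass

SCOPE_SUBTREE = 2  # numeric value of ldap.SCOPE_SUBTREE

def escape_filter(value):
    """Escape the RFC 4515 special characters so a login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def find_user_dns(search_conn, base, logins):
    """Connection 1, already bound as a service account: send every search
    without waiting, then collect each result by its message ID."""
    pending = {}
    for login in logins:
        flt = "(uid=%s)" % escape_filter(login)  # assumption: users are found by uid
        pending[login] = search_conn.search_ext(base, SCOPE_SUBTREE, flt, ["1.1"])
    dns = {}
    for login, msgid in pending.items():
        _rtype, entries = search_conn.result(msgid)
        found = [dn for dn, _attrs in entries if dn]  # skip referrals (dn is None)
        dns[login] = found[0] if len(found) == 1 else None  # none or ambiguous
    return dns

def check_passwords(bind_conn, dns, passwords):
    """Connection 2, used only for binds: one bind at a time, each response
    awaited (simple_bind_s blocks) before the next request is sent."""
    verdict = {}
    for login, dn in dns.items():
        password = passwords.get(login)
        if not dn or not password:  # empty password = unauthenticated bind
            verdict[login] = False
            continue
        try:
            bind_conn.simple_bind_s(dn, password)
            verdict[login] = True
        except InvalidCredentials:
            verdict[login] = False
    return verdict
```

Because the bind connection carries nothing but binds, its authorization state after each attempt does not affect the searches on the first connection.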