thomaswilliampritchard@gmail.com wrote:
> I'm looking to better understand the relationship in packet ordering when it comes to bind requests. As far as I've learned so far, I can send a few LDAP requests and potentially get responses in an order that doesn't match what I've sent.
> When it comes to, for example, sending a bind, a search, a bind (different user), and a search, when I send those serially without waiting for a response, are there any guarantees around getting successful bind responses before search results? Is it guaranteed that I would get a bind result from the second bind before search results from the second search? Is it guaranteed the second bind result would come after the end of the first search results, or might I receive the second bind result before the end of the first set of search results (or even in the middle of the second set of search results)?
> Then when it comes to server side processing, is it guaranteed that the first search is executed with the authorization of the first bind, and second search executed with the authorization of the second bind? Or is there a way the second search is processed before the second bind?
> How does OpenLDAP manage changing authorization in the middle of an executing search? If the first search is in flight and the second bind request comes in, does the first search continue to execute and finish with the authorization of the first bind?

No. RFC 4511 section 4.2 is explicit about this.

> Are you aware of clients or tools that leverage that multi-request (without waiting for a response) capacity of LDAP? In what types of applications might a client send many requests without waiting for any responses?

Badly written applications that ignore the RFCs.

> Thanks for the consideration,
> Tom
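
Added illustration, not part of the original thread and not OpenLDAP code: RFC 4511 section 4.2.1 (within the section 4.2 cited above) requires that uncompleted operations complete or be abandoned before a BindRequest is processed, and that a client send no further PDUs until it receives the BindResponse. The Python sketch below audits a decoded per-connection trace against those two rules; the `Pdu` record layout, the rule names and the sample trace are assumptions constructed for this example.

```python
from typing import NamedTuple

class Pdu(NamedTuple):
    sender: str   # "C" = client, "S" = server (assumed trace format)
    msg_id: int   # LDAP messageID
    op: str       # protocolOp name, e.g. "bindRequest"

def audit(trace):
    """Return (index, rule, detail) findings for one connection's PDUs."""
    findings = []
    pending_binds = {}   # bind msg_id -> ops that were uncompleted when it was sent
    uncompleted = set()  # non-bind requests with no final response yet
    for i, pdu in enumerate(trace):
        if pdu.sender == "C":
            if pending_binds:
                # Client MUST NOT send PDUs until the BindResponse arrives.
                findings.append((i, "pdu-before-bind-response",
                                 f"{pdu.op} id={pdu.msg_id} sent while bind "
                                 f"id={min(pending_binds)} is unanswered"))
            if pdu.op == "bindRequest":
                if uncompleted:
                    # Server must let these complete or abandon them first.
                    findings.append((i, "bind-with-uncompleted-ops",
                                     f"ids {sorted(uncompleted)} will complete "
                                     f"or be abandoned before the bind"))
                pending_binds[pdu.msg_id] = frozenset(uncompleted)
            else:
                uncompleted.add(pdu.msg_id)
        elif pdu.op == "bindResponse":
            # Ops that preceded this bind are settled once it is answered.
            uncompleted -= pending_binds.pop(pdu.msg_id, frozenset())
        elif pdu.op == "searchResDone":
            uncompleted.discard(pdu.msg_id)
    return findings

# Constructed sample: bind, search, bind, search sent without waiting.
PIPELINED = [
    Pdu("C", 1, "bindRequest"), Pdu("C", 2, "searchRequest"),
    Pdu("C", 3, "bindRequest"), Pdu("C", 4, "searchRequest"),
    Pdu("S", 1, "bindResponse"), Pdu("S", 2, "searchResDone"),
    Pdu("S", 3, "bindResponse"), Pdu("S", 4, "searchResDone"),
]

if __name__ == "__main__":
    for finding in audit(PIPELINED):
        print(finding)
```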