I'm looking to better understand the relationship in packet
ordering when it comes to bind requests. As far as I've learned so far I can send a
few ldap requests and potentially get responses in an order that doesn't match what
When it comes to, for example, sending a bind, a search, a bind (different user), and a
search, when I send those serially without waiting for a response, are there any
guarantees around getting successful bind responses before search results? Is it
guaranteed that I would get a bind result from the second bind before search results from
the second search? Is it guaranteed the second bind result would come after the end of the
first search results, or might I receive the second bind result before the end of the
first set of search results (or even in the middle of the second set of search results)?
Then when it comes to server side processing, is it guaranteed that the first search is
executed with the authorization of the first bind, and second search executed with the
authorization of the second bind? Or is there a way the second search is processed before
the second bind?
How does openldap manage changing authorization in the middle of an executing search? If
the first search is in flight and the second bind request comes in, does the first search
continue to execute and finish with the authorization of the first bind?
No. RFC 4511 section 4.2 is explicit about this.
Are you aware of clients or tools that leverage that multi request (without waiting for a
response) capacity of ldap? In what types of applications might a client send many
requests without waiting for any responses?
Badly written applications that ignore the RFCs.
Thanks for the consideration
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/