Hallo,
I use OpenLDAP in an authentication project and I would like to correctly deal with fauly networks. I mean networks that have packet losses and such.
That is why I would like to know whether there is a function in OpenLDAP which allows to check (and maybe sanitize) possibly corrupted sockets associated with the LDAP handle?
Many thanks for all your replies
Regards, Khaled
On Fri, July 8, 2011 13:57, Khaled Blah wrote:
Hallo,
I use OpenLDAP in an authentication project and I would like to correctly deal with fauly networks. I mean networks that have packet losses and such.
That is why I would like to know whether there is a function in OpenLDAP which allows to check (and maybe sanitize) possibly corrupted sockets associated with the LDAP handle?
If the packet checksums don't match then the network won't forward the packets up the stack layers. i.e. OpenLDAP just won't see them.
On Fri, Jul 08, 2011 at 01:57:29PM +0200, Khaled Blah wrote:
I use OpenLDAP in an authentication project and I would like to correctly deal with fauly networks. I mean networks that have packet losses and such.
You do not need to worry about that at the LDAP level, as TCP deals with it at the transport level.
That is why I would like to know whether there is a function in OpenLDAP which allows to check (and maybe sanitize) possibly corrupted sockets associated with the LDAP handle?
If you are really concerned about corrupted data due to malicious causes then you should use TLS. The combination of TCP, stream encryption, and LDAP protocol checks should catch almost any corruption.
Andrew
Thx for your replies!
2011/7/8 Andrew Findlay andrew.findlay@skills-1st.co.uk:
On Fri, Jul 08, 2011 at 01:57:29PM +0200, Khaled Blah wrote:
I use OpenLDAP in an authentication project and I would like to correctly deal with fauly networks. I mean networks that have packet losses and such.
You do not need to worry about that at the LDAP level, as TCP deals with it at the transport level.
That is why I would like to know whether there is a function in OpenLDAP which allows to check (and maybe sanitize) possibly corrupted sockets associated with the LDAP handle?
If you are really concerned about corrupted data due to malicious causes then you should use TLS. The combination of TCP, stream encryption, and LDAP protocol checks should catch almost any corruption.
Andrew
| From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 |
openldap-technical@openldap.org