Re: libldap v3.3 referral bug on kerberized Modify operation

Gordon Good (
Tue, 09 Jul 1996 13:56:35 -0700

Jeff.Hodges@Stanford.EDU wrote:
> I've noticed that it looks like the libldap (i.e. the ldap client-side stub
> code) has a bug wherein if I bind (kerberized) to one of my slapd slaves, and
> attempt a modify, the slave returns a referral to my ldap stub pointing to the
> master. But in the subsequent bind to the master, my DN is left out of the bind
> info, and so I am not authenticated properly and the MOD operation is denied.

Jeff, clients need to use ldap_set_rebind_proc() in this case. See the ldap_bind man page.

I'm not sure if maX.500 does this, but xax500 definitely does not (it predates
ldap_set_rebind_proc's inclusion in the ldap library).

Gordon Good                          (opinions expressed here are mine, 
Netscape Communications Corp.         not necessarily my employer's)
Mountain View, CA