DO NOT REPLY [Bug 39095] - ldap_simple_bind_s fails

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39095>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39095





------- Additional Comments From dopey@moonteeth.com  2007-11-12 11:15 -------
We've patched util_ldap.c on our build of apache to in uldap_connection_open to
check for LDAP_UNAVAILABLE.
The patch is actually conditional on
#if APR_HAS_MICROSOFT_LDAPSDK

The problem is indeed the Microsoft SDK.  When the TCP RST comes in, instead of
returning back to the calling code an LDAP_SERVER_DOWN return code, it returns
LDAP_UNAVAILABLE, which according to the LDAP RFCs is wrong.  LDAP_UNAVAILABLE
is supposed to be a server return code telling the client, "I'm unavailable,
maybe I'm shutting down, maybe I'm in the middle of maintenance".

The SDK APIs should not be interpreting TCP RSTs as an LDAP_UNAVAILABLE. 
However, good luck getting Microsoft to admit and/or fix this.

If there's enough interest, I can pull out our patch (we have multiple patches
against the file and unfortunately no diff files right now), but I think it's
pretty easy to change uldap_connection_open to do the retry on LDAP_UNAVAILABLE
if the MS LDAP SDK is used.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org