[Exim] use of ldap_init

Author: Phil Chambers
Date:  
To: exim-users
Subject: [Exim] use of ldap_init
I am not an LDAP expert, so I may need to be corrected here. If so, my apologies.
It may also be a difference between versions of LDAP (I have openldap2).

I have only looked at the SEARCH_LDAP_AUTH case, but expect the same problem in all
cases. As far as I can see control_ldap_search() in ldap.c will only work along the
list of ldap servers if ldap_init() fails. If ldap_bind() fails then that results
in a hard failure. The man page for ldap_init() says it does not make a connection,
so the connection is made by the call to ldap_bind(). I have checked some code
outside of exim and find that ldap_init() still returns OK even when given the name
of a server which does not run ldap. It looks to me as if one needs to check the
return code from ldap_bind() for LDAP_UNAVAILABLE and treat that as DEFER.

ldap_open() does return a failure, but the man page says that is deprecated in
favour of ldap_init().

Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter
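
The failover behaviour the message asks for, as an added example that is not part of the original post and is not Exim's code: the init step never fails for a dead server, so the list is advanced on the bind result instead, and an answer from a reachable server (including rejected credentials) stays final. Assumptions: `sim_init()` and `sim_bind()` are constructed stand-ins for `ldap_init()` and `ldap_bind()` so the block runs without libldap, every other name is hypothetical, and the result code numbers are those of RFC 4511.

```c
#include <stddef.h>
#include <stdio.h>

/* Result codes as numbered in RFC 4511; the names are local to this example. */
enum { RC_SUCCESS = 0, RC_INVALID_CREDENTIALS = 49, RC_UNAVAILABLE = 52 };
/* Lookup outcomes, named after the terms used in the message. */
enum { LOOKUP_OK, LOOKUP_DEFER, LOOKUP_FAIL };

/* Constructed stand-in for one server: what a bind against it would return. */
struct sim_server { const char *host; int bind_rc; };

/* Stand-in for ldap_init(): sets up a handle without connecting, so it
   succeeds for any non-empty host name, whether or not LDAP runs there. */
static int sim_init(const struct sim_server *s) { return s->host && *s->host; }

/* Stand-in for ldap_bind(): the first call that actually contacts the server. */
static int sim_bind(const struct sim_server *s) { return s->bind_rc; }

/* Walk the server list; *used receives the index that answered, or -1. */
int lookup_with_failover(const struct sim_server *list, size_t n, int *used)
{
    *used = -1;
    for (size_t i = 0; i < n; i++) {
        if (!sim_init(&list[i]))
            continue;               /* handle setup failed: try the next server */
        int rc = sim_bind(&list[i]);
        if (rc == RC_UNAVAILABLE)
            continue;               /* server not reachable: try the next server */
        *used = (int)i;             /* a reachable server answered: result is final */
        return rc == RC_SUCCESS ? LOOKUP_OK : LOOKUP_FAIL;
    }
    return LOOKUP_DEFER;            /* no server answered: temporary failure */
}

/* Constructed sample server lists. */
const struct sim_server first_down[] = {
    { "ldap1.example", RC_UNAVAILABLE }, { "ldap2.example", RC_SUCCESS } };
const struct sim_server all_down[] = {
    { "ldap1.example", RC_UNAVAILABLE }, { "ldap2.example", RC_UNAVAILABLE } };
const struct sim_server bad_creds[] = {
    { "ldap1.example", RC_INVALID_CREDENTIALS }, { "ldap2.example", RC_SUCCESS } };

int main(void)
{
    int used;
    int r = lookup_with_failover(first_down, 2, &used);
    printf("first_down: result=%d server=%d\n", r, used);
    return 0;
}
```

In the `bad_creds` case the second server is never tried: a rejected bind is an authentication answer, not an availability problem.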