directory-dev mailing list archives

From Emmanuel Lécharny
Subject Re: Mina SSL issue and insane DNs
Date Wed, 20 Jan 2016 18:53:22 GMT
On 20/01/16 19:24, Radovan Semancik wrote:
> Hi,
> I have done more Active Directory tests with the latest API trunk. There
> are two things you should know:
> 1. LDAP over SSL with AD fails when getting big things (such as AD
> schema). It ends up in an endless loop. It is obviously a Mina bug and
> I have sent the patch to mina dev mailing list. However it might be a
> good idea to coordinate with the mina project and switch the API to
> the fixed mina version. I believe that this bug may appear in any
> LDAPS connection and it is really nasty to diagnose (endless loop, no
> relevant error, no log message).

MINA will be fixed and released ASAP. Thanks for having chased the
origin of the problem...

Now, would the submitted patch fix the issue?

> 2. Active directory supports insane DN formats such as
> <GUID=ae36bced-d6dd-cb41-a7e9-ef4f9bd59f0d>. Yes, this is passed as
> DN. Yes, really like that, including the angle brackets. However
> unbelievable it might be, this kind of DN is in fact required to get
> some attributes (e.g. msds-memberOfTransitive) as these only appear in
> scope=base searches. And this seems to be the only efficient way
> to get scope=base search when all you know is object GUID. Of course,
> the API complained about the format and failed to process it. So I
> have committed a patch that tolerates these insane formats when
> relaxed mode is set.

yuk :/

We should probably think about cutting a release soon, then. I have also
injected some changes before taking some vacations, and I was actually
thinking about cutting a 1.0.0-RC1 release, instead of another milestone.

Thoughts?
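
An added example, not code from this message or from the Apache Directory LDAP API: one way a client could recognise the `<GUID=...>` form discussed above in relaxed mode without accepting arbitrary malformed DNs, and build that search base from a raw `objectGUID` value. The class and method names are hypothetical; the byte order follows the standard Microsoft GUID layout (first three fields little-endian).

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Optional;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdGuidDn {  // hypothetical helper, not part of any library
    // Accept only the exact dashed form quoted in the message. Anything else
    // (trailing RDNs, extra characters) must go through the strict DN parser.
    private static final Pattern GUID_DN = Pattern.compile(
        "^<GUID=([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})>$");

    /** Returns the GUID if relaxed mode is on and dn is exactly "<GUID=...>". */
    static Optional<UUID> parse(String dn, boolean relaxed) {
        if (!relaxed || dn == null) {
            return Optional.empty();   // strict mode never tolerates this form
        }
        Matcher m = GUID_DN.matcher(dn);
        return m.matches() ? Optional.of(UUID.fromString(m.group(1))) : Optional.empty();
    }

    /** Builds the scope=base search base from a raw 16-byte objectGUID value. */
    static String fromObjectGuid(byte[] raw) {
        if (raw == null || raw.length != 16) {
            throw new IllegalArgumentException("objectGUID must be 16 bytes");
        }
        ByteBuffer b = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        long msb = ((long) b.getInt() << 32)              // Data1, little-endian
                 | ((long) (b.getShort() & 0xFFFF) << 16) // Data2, little-endian
                 | (b.getShort() & 0xFFFFL);              // Data3, little-endian
        long lsb = b.order(ByteOrder.BIG_ENDIAN).getLong(); // Data4, as stored
        return "<GUID=" + new UUID(msb, lsb) + ">";
    }

    public static void main(String[] args) {
        // Constructed sample: the on-the-wire bytes for the GUID in the message.
        byte[] raw = {(byte) 0xed, (byte) 0xbc, 0x36, (byte) 0xae, (byte) 0xdd,
            (byte) 0xd6, 0x41, (byte) 0xcb, (byte) 0xa7, (byte) 0xe9, (byte) 0xef,
            0x4f, (byte) 0x9b, (byte) 0xd5, (byte) 0x9f, 0x0d};
        String base = fromObjectGuid(raw);
        System.out.println(base);
        System.out.println(parse(base, true).isPresent());                // relaxed: accepted
        System.out.println(parse(base, false).isPresent());               // strict: rejected
        System.out.println(parse(base + ",dc=example", true).isPresent()); // malformed: rejected
    }
}
```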
