From 3954d6fdcfaffa5b64bcbfc48237c47d959b6318 Mon Sep 17 00:00:00 2001 From: Patrick Monnerat Date: Fri, 8 Apr 2016 16:49:49 +0200 Subject: KNOWN_BUGS: openldap hangs. TODO: binary SASL. --- docs/KNOWN_BUGS | 25 +++++++++++++++++++++++++ docs/TODO | 5 +++++ 2 files changed, 30 insertions(+) diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index e65b94c85..bbbe954f9 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -76,6 +76,9 @@ problems may have been fixed or changed somewhat since this was written! 11.1 Curl leaks .onion hostnames in DNS 11.2 error buffer not set if connection to multiple addresses fails + 12. LDAP and OpenLDAP + 12.1 OpenLDAP hangs after returning results + ============================================================================== 1. HTTP @@ -423,3 +426,25 @@ problems may have been fixed or changed somewhat since this was written! only. But you only have IPv4 connectivity. libcurl will correctly fail with CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER remains empty. Issue: https://github.com/curl/curl/issues/544 + + +12. LDAP and OpenLDAP + +12.1 OpenLDAP hangs after returning results + + By configuration defaults, openldap automatically chase referrals on + secondary socket descriptors. The OpenLDAP backend is asynchronous and thus + should monitor all socket descriptors involved. Currently, these secondary + descriptors are not monitored, causing openldap library to never receive + data from them. + + As a temporary workaround, disable referrals chasing by configuration. + + The fix is not easy: proper automatic referrals chasing requires a + synchronous bind callback and monitoring an arbitrary number of socket + descriptors for a single easy handle (currently limited to 5). + + Generic LDAP is synchronous: OK. + + See https://github.com/curl/curl/issues/622 and + https://curl.haxx.se/mail/lib-2016-01/0101.html diff --git a/docs/TODO b/docs/TODO index e49d7caa6..66e3842f7 100644 --- a/docs/TODO +++ b/docs/TODO @@ -112,6 +112,7 @@ 16. SASL 16.1 Other authentication mechanisms 16.2 Add QOP support to GSSAPI authentication + 16.3 Support binary messages (i.e.: non-base64) 17. Command line tool 17.1 sync @@ -668,6 +669,10 @@ that doesn't exist on the server, just like --ftp-create-dirs. with integrity protection) and auth-conf (Authentication with integrity and privacy protection). +16.3 Support binary messages (i.e.: non-base64) + + Mandatory to support LDAP SASL authentication. + 17. Command line tool 17.1 sync -- cgit v1.2.3