From 3954d6fdcfaffa5b64bcbfc48237c47d959b6318 Mon Sep 17 00:00:00 2001
From: Patrick Monnerat <patrick.monnerat@dh.com>
Date: Fri, 8 Apr 2016 16:49:49 +0200
Subject: KNOWN_BUGS: openldap hangs. TODO: binary SASL.

---
 docs/KNOWN_BUGS | 25 +++++++++++++++++++++++++
 docs/TODO       |  5 +++++
 2 files changed, 30 insertions(+)

diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index e65b94c85..bbbe954f9 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -76,6 +76,9 @@ problems may have been fixed or changed somewhat since this was written!
  11.1 Curl leaks .onion hostnames in DNS
  11.2 error buffer not set if connection to multiple addresses fails
 
+ 12. LDAP and OpenLDAP
+ 12.1 OpenLDAP hangs after returning results
+
 ==============================================================================
 
 1. HTTP
@@ -423,3 +426,25 @@ problems may have been fixed or changed somewhat since this was written!
  only. But you only have IPv4 connectivity. libcurl will correctly fail with
  CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER
  remains empty. Issue: https://github.com/curl/curl/issues/544
+
+
+12. LDAP and OpenLDAP
+
+12.1 OpenLDAP hangs after returning results
+
+ By configuration defaults, openldap automatically chase referrals on
+ secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
+ should monitor all socket descriptors involved. Currently, these secondary
+ descriptors are not monitored, causing openldap library to never receive
+ data from them.
+
+ As a temporary workaround, disable referrals chasing by configuration.
+
+ The fix is not easy: proper automatic referrals chasing requires a
+ synchronous bind callback and monitoring an arbitrary number of socket
+ descriptors for a single easy handle (currently limited to 5).
+
+ Generic LDAP is synchronous: OK.
+
+ See https://github.com/curl/curl/issues/622 and
+     https://curl.haxx.se/mail/lib-2016-01/0101.html
diff --git a/docs/TODO b/docs/TODO
index e49d7caa6..66e3842f7 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -112,6 +112,7 @@
  16. SASL
  16.1 Other authentication mechanisms
  16.2 Add QOP support to GSSAPI authentication
+ 16.3 Support binary messages (i.e.: non-base64)
 
  17. Command line tool
  17.1 sync
@@ -668,6 +669,10 @@ that doesn't exist on the server, just like --ftp-create-dirs.
  with integrity protection) and auth-conf (Authentication with integrity and
  privacy protection).
 
+16.3 Support binary messages (i.e.: non-base64)
+
+  Mandatory to support LDAP SASL authentication.
+
 17. Command line tool
 
 17.1 sync
-- 
cgit v1.2.3