curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: LDAP URL with a userinfo part

From: Howard Chu via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 13 Dec 2021 17:56:10 +0000

Patrick Monnerat via curl-library wrote:
> The standard LDAP URL does not include a userinfo part. If one is given, curl currently connects and binds using these credentials, but rejects the request at
> the "do" phase (openldap parse error).
>
> I think this should be cleaned up. How should curl behave in such a case?
>
> - Reject: before attempting connection.

Probably this, since RFC 4516 doesn't specify that userinfo is valid in an LDAP URL.
RFC 4516 seems to assume that if authentication is going to be done, it is configured
elsewhere in a client and so doesn't need to be part of URLs themselves.

> - Accept: do not fail on the "do" phase.
>
> - Ignore: do not use it for bind but accept its presence in URL.
>
> Thanks for your advice.
>
> Patrick
>


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
-- 
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2021-12-13