postfix-users October 2011 archive

Re: PROPOSED PATCH. Please test (was: Odd postfix LDAP behavior)

From: Viktor Dukhovni <postfix-users_at_nospam>
Date: Fri Oct 28 2011 - 03:55:54 GMT
To: postfix-users@postfix.org

On Thu, Oct 27, 2011 at 07:22:05PM -0700, Quanah Gibson-Mount wrote:

> The issue I fixed today would affect any postfix build with an
> OpenLDAP API at least as far back as OpenLDAP 2.1. What postfix
> revisions you fix are entirely up to you of course, and I think
> reasonably I wouldn't expect you to fix unsupported postfix
> releases, but it is not limited to the OpenLDAP 2.4 API.

No, in OpenLDAP 2.3.4, the ldap_parse_sasl_bind_result()
function returns an error when bind operations fail:

        ... openldap-2.3.4/libraries/libldap/sasl.c line 349:
                ld->ld_errno = errcode;

                if ( freeit ) {
                        ldap_msgfree( res );
                }

                return( ld->ld_errno );
        }

Therefore, with OpenLDAP 2.3(.4) or older the Postfix code does not
IMHO fail to detect failed logins. What evidence do you have to
the contrary?

-- Viktor.