Closed Bug 198168 Opened 22 years ago Closed 21 years ago

LDAP v3 isn't supported...

Categories

(MailNews Core :: LDAP Integration, defect)

Product:
MailNews Core
Component:
LDAP Integration
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla1.7alpha

People

(Reporter: bugzilla, Assigned: dmosedale)

References

(
URL
)

Details

(Keywords: verified1.7)

Attachments

(4 files, 2 obsolete files)

.protocolVersion patch, v3
33.65 KB, patch
sspitzer
: review+
sspitzer
: superreview+
Details | Diff | Splinter Review
fix build bustage
893 bytes, patch
Details | Diff | Splinter Review
fix typo to let you turn of v3 for ldap auto complete
675 bytes, patch
dmosedale
: review+
Bienvenu
: superreview+
Details | Diff | Splinter Review
supplemental fix for seamonkey and fixes the typo
2.09 KB, patch
mscott
: review+
mscott
: superreview+
chofmann
: approval1.7+
Details | Diff | Splinter Review
I'm unable to search using a the directory: ldap://dir.certifikat.dk All I'm getting is: Protocol error requested protocol version not allowed This is because Mozilla doesn't support LDAP v3 ldap://dir.certifikat.dk is a LDAP v3 only. You cant use LDAP v2 you can use the following command lines to verify: ldapsearch -P 3 -h dir.certifikat.dk -b 'c=DK' -x'(cn=Peter Lind*)' cn this works ldapsearch -P 2 -h dir.certifikat.dk -b 'c=DK' -x'(cn=Peter Lind*)' cn this doesn't What is needed for LDAP v3 to be supported? 20030318
Ideally the LDAPv2 vs. LDAPv3 issue would be handled inside the directory/xpcom layer. I am not sure if the Mozilla code always issue an LDAP bind operation or not, but if you try to bind using version 3 to an LDAPv2 server, a protocol error will be returned. So the usual approach is to try LDAPv3 and fall back to v2 if the server returns that protocol error. But LDAPv2 is pretty old these days. It would probably be OK to always use v3 by default and have a config. option that says "use v2." Setting the protocol version is simple to do globally before any LDAP * handles have been created: int ldversion = LDAP_VERSION3; ldap_set_option( NULL, LDAP_OPT_PROTOCOL_VERSION, &ldversion ); Or it may be set on a LDAP * basis using a similar call to ldap_set_option().
Would be a good idea to just switch to LDAP v3, but do we really need yet another pref for a really depreciated protocoll ? I mean Mozilla has more then enough hidden und normal prefs quite know. Would be more interesting to find out which LDAP servers do actually not provide LDAP v3 if any. Another question is, what about write support for the Adressbook, currently I cannot add new contacts to an LDAP Server -> enter new bug ? (No one existing quite now) These two things would make Mozilla perfect for my needs
can anybody verify that connecting and/or searching is not working at: ldap://dir.certifikat.dk it's a ldapv3 only directory
I can confirm that Mozilla does not work with LDAP v3 only based servers due to my own experience. I only got it to work when I explicitly enabled v2 on my LDAP Server. //Carsten
is adding LDAPv3 support to Mozilla a large job or....? All danes are given a digital signature and the directory that holds the certificates is running LDAPv3 only...:( So no access for mozilla users. Outlook Express supports LDAPv3
*** Bug 218988 has been marked as a duplicate of this bug. ***
Please include v3 support. Openldap 2 defaults to using version 3. Can not use Mozilla :-(
*** Bug 209304 has been marked as a duplicate of this bug. ***
As pointed out in http://bugzilla.mozilla.org/show_bug.cgi?id=209304#c1 OpenLDAP can be set to still allow v2 connects. In any case, I hope to get Moz defaulting to v3 in 1.7a.
Status: NEW → ASSIGNED
Hardware: PC → All
Target Milestone: --- → mozilla1.7alpha
I followed the suggestion in comment #1 and inserted the lines mentioned there in the file: directory/xpcom/base/src/nsLDAPConnection.cpp at line 933. Works for me now. OK, it fails on the first lookup, but I guess this is, because I choosed the wrong place to insert the lines. So it shouldn't be too hard for someone with a little more knowledge of the mozilla codebase to fix this bug, shouldn't it? If anyone would like to try it, the "fixed" version is here: http://www.holy-penguin.de/libmozldap.so (gcc (GCC) 3.2.3 20030316 (Debian prerelease)) Tested with thunderbird >=0.4, simply replaced components/libmozldap.so.
I want to make v2 available via hidden pref, so the actual changes I'm working on are somewhat more complicated, as they have to tweak a few interface methods to take a version param, as well as all the callers. I still hope to get this in to 1.7a.
Flags: blocking1.7a?
*** Bug 12332 has been marked as a duplicate of this bug. ***
Comment on attachment 141127 [details] [diff] [review] patch to add and use a .protocolVersion preference, v1 r/sr=sspitzer on just the ldap changes, with some nits suggested to dmose over aim. the x-image-url stuff is not part of this fix.
Attachment #141127 - Flags: superreview+
Attachment #141127 - Flags: review+
Attached patch .protocolVersion patch, v2 (obsolete) — Splinter Review
Got rid of extraneous files, extraneous tab chars, and replaced a few hardcorded numbers with symbolic constants.
Attachment #141127 - Attachment is obsolete: true
Comment on attachment 141131 [details] [diff] [review] .protocolVersion patch, v2 Carrying forward r+sr (which, despite what the bug says, actually came from sspitzer, not mscott).
Attachment #141131 - Flags: superreview+
Attachment #141131 - Flags: review+
Forget a break statement in nsLDAPConnection. Added some code so that LDAP autoconfig won't break with this patch. LDAP autoconfig will now use LDAPv3 unless the user adds a "setLDAPVersion" call to their autoconfig script before calling getLDAPAttributes().
Attachment #141131 - Attachment is obsolete: true
Comment on attachment 141220 [details] [diff] [review] .protocolVersion patch, v3 r/sr=sspitzer
Attachment #141220 - Flags: superreview+
Attachment #141220 - Flags: review+
Need to patch the tbird version of MsgComposeCommands.js as well.
Comment on attachment 141220 [details] [diff] [review] .protocolVersion patch, v3 + try { + `protocolVersion = sPrefs.getCharPref(autocompleteDirectory + + ".protocolVersion"); a quote char ' snuck its way before protocol version, so please don't check this in without removing it!
a=chofmann for 1.7a. if we are going to land this we need to do it pretty quick.
Flags: blocking1.7a? → blocking1.7a+
Dan, if you want me to land this, I can - just let me know.
fixed on trunk, a=chofmann.
this busted mongo (IRIX 6.5 ports tinderbox): cc-1162 CC: ERROR File = /build2/tinderbox/mozilla/build/IRIX_6.5_Depend/mozilla/directory/xpcom/base/src/nsLDAPChannel.cpp, Line = 643 Too few arguments in function call. : PR_FALSE, EmptyCString(), this, nsnull); ^ It looks like changes to nsLDAPChannel got left out of the patch.
nsLDAPChannel isn't used on most platforms - not sure why it's used on IRIX, but I bet that's why Dan left it out of the patch. I can look at it in the morning.
this should fix the build bustage - this file is only compiled if MOZ_LDAP_XPCOM_EXPERIMENTAL is turned on. I don't know how to check if the user wants v2 vs v3 ldap here, but v3 will do for now.
marking fixed
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
using trunk-build from 20040309 and added an LDAP-addressbook it sets user_pref("ldap_2.servers.slstdtestsystem.protocolVersion", "2"); There is no UI to set the version and the default for new addressbooks seems to be 2? My old addressbook uses LDAPv3 because the default of nothing is in prefs.js is V3?
I am using 1.7RC1 build ID:2004042109. I changed protocolVersion property from 3 to 2 by about:config page. Because LDAP server of my organization is only support LDAPv2. I found this property have worked partialy yet. When I queried by "Address Book" tool, I could monitored the version field of the LDAP Bind Request packet was 2 by Ethereal network packet capture tool. But when I queried by "To:" pane of the compose mail window, the version field of the packet was 3 and displayed "<LDAP initialization problem>" message and "Error code 2:Protocol error Please contact your System Administrator" message was popped up.
I think we missed a case here as pointed out in: http://bugzilla.mozilla.org/show_bug.cgi?id=198168#c29
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
This still needs testing but should fix the problem. Oddly, I don't see any of these change's in Seamonkey's MsgComposeCommands.js. Hmmm.
Attachment #147097 - Flags: superreview+
Comment on attachment 147097 [details] [diff] [review] fix typo to let you turn of v3 for ldap auto complete r=dmose
Attachment #147097 - Flags: review+
mscott: in the attachment here that was slated to land originally (".protocolVersion patch, v3"), there was patch for the seamonkey MsgComposeCommands.js, complete with my typo of using ".login" instead of ".version". I bet this didn't get landed with the rest of the patch. If you could land your corrected version in the SeaMonkey MsgComposeCommands.js on the 1.7branch & trunk, that would totally rule.
Yeah David and noticed that last night. Here's a new patch that has the missing part for seamonkey plus fixes the typo.
Comment on attachment 147109 [details] [diff] [review] supplemental fix for seamonkey and fixes the typo carrying over the r and sr. This needs to go into the 1.7 branch for sure
Attachment #147109 - Flags: superreview+
Attachment #147109 - Flags: review+
Attachment #147109 - Flags: approval1.7?
fixed on the tbird 0.6 branch fixed on the trunk Leaving open for 1.7 approval
(In reply to comment #35) > (From update of attachment 147109 [details] [diff] [review]) > carrying over the r and sr. This needs to go into the 1.7 branch for sure Get you this code compiled without any error? I don't think. + `protocolVersion = sPrefs.getCharPref(autocompleteDirectory + ^ It seems there is another typo.
I fixed that ' charcter when I checked in already.
Comment on attachment 147109 [details] [diff] [review] supplemental fix for seamonkey and fixes the typo a=chofmann for 1.7
Attachment #147109 - Flags: approval1.7? → approval1.7+
now fixed on the 1.7 branch too
Status: REOPENED → RESOLVED
Closed: 21 years ago21 years ago
Keywords: fixed1.7
Resolution: --- → FIXED
I guess bug 238485 and bug 240588 is duplication of this bug. I could use ldap query on mail composer of latest trunk.
Once again, I hate to admit it, but MS got it right... Outlook Express tries v3 and if it fails uses v2. Believe it or not, there are a number of places still using v2. Having a preference is a nice thing, but walking 2000+ users through changing them is not nice.
It surprises me that there are a lot of LDAP servers that still do not recognized LDAPv3. In Comment #1 I said: ... So the usual approach is to try LDAPv3 and fall back to v2 if the server returns that protocol error. But LDAPv2 is pretty old these days. It would probably be OK to always use v3 by default and have a config. option that says "use v2." Sounds like I was wrong :(
(In reply to comment #43) > Sounds like I was wrong :( Maybe simply too strict for enterprise use. I would recommend: - open a new bug - link to this bug comment 42 - subject: LDAP v3 - fallback to v2 if v3 connect doesn't work with >=1.7 - Flag: block 1.7+ - reason: change in behaviour too heavy too handle for enterprises with LDAP v2 Servers. support for manual switchback too hard to handle. - add a comment here to link this bug to the new bug
(In reply to comment #44) > I would recommend: > > - open a new bug > - link to this bug comment 42 > - subject: LDAP v3 - fallback to v2 if v3 connect doesn't work with >=1.7 > - Flag: block 1.7+ - reason: change in behaviour too heavy too handle for > enterprises with LDAP v2 Servers. support for manual switchback too hard to handle. > - add a comment here to link this bug to the new bug http://bugzilla.mozilla.org/show_bug.cgi?id=242789
Mike: you're right, the fallback is a better approach. As far as deploying to a large group of users, you might want to take a look at mozptch <http://mozptch.mozdev.org/>, as it seems designed to solve exactly this problem.
Verified as fix on latest 1.7 branch 06-24 builds. Changing keywords from fixed1.7 to verified1.7. Leave this bug status "as is" until this bug be verified on trunk again...
Keywords: fixed1.7verified1.7
*** Bug 249210 has been marked as a duplicate of this bug. ***
Product: MailNews → Core
Has this been done? Has the edit LDAP function been added? This will enable me to remove the need to move to Exchange server. See bug 86405
ldap v3 is supported, but editing hasn't been implemented yet.
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: