Endi S. Dewata added a comment - 30/Mar/06 07:44 AM

Endi S. Dewata added a comment - 30/Mar/06 07:44 AM Correction: the results from 1.0-RC1 are actually from 0.9.3. The actual results from 1.0-RC1 are identical to those from 1.1. The issue is still valid though, there are inconsistencies even within a single test case.

Alex Karasulu added a comment - 30/Mar/06 08:12 AM

Alex Karasulu added a comment - 30/Mar/06 08:12 AM According to the LDAP v3 RFC the rootDSE should be accessible to all clients. So all these tests should pass except for V2 clients. Looking at RC1 results this is pretty consistent except for this "LDAP Client" you have listed. Which client did you use exactly?

Endi S. Dewata added a comment - 31/Mar/06 02:48 AM

Endi S. Dewata added a comment - 31/Mar/06 02:48 AM Hi Alex, The "LDAP Client" tests were performed using Novell's JLDAP library without explicit bind. This should be possible under LDAP v3. As you can see in the attached program, the test case goes like this:     LDAPConnection connection = new LDAPConnection();     connection.connect("localhost", 10389);     LDAPSearchResults results = connection.search("", LDAPConnection.SCOPE_BASE,         "(objectClass=*)", new String[0], false); Here is the Javadoc of LDAPConnection class: https://svn.safehaus.org/repos/penrose/trunk/docs/ietf/org/ietf/ldap/LDAPConnection.html In the "V2 LDAP Client" it calls bind() before calling search():     connection.bind(2, null, null); // bind anonymously The same thing is done in "V3 LDAP Client" tests. Now the issues are: 1. In the 0.9.3 results (which I incorrectly marked as 1.0-RC1) when allowAnonymousAccess=true everything passed. However when allowAnonymousAccess=false some test cases passed and some failed. Granted that 0.9.3 is an old code and not being maintained anymore, this is probably a bug but ok if not fixed. 2. In the 1.1 results when allowAnonymousAccess=true only V2 test cases failed. While Root DSE is only defined in LDAPv3, I don't think it limits V2 clients to query Root DSE. Also, V2 clients were already supported in 0.9.3, why not support it in 1.1? 3. In the 1.1 results when allowAnonymousAccess=false, all V2 clients failed, also "V3 JNDI Client" and "LDAP Client (no bind)" failed. The allowAnonymousAccess parameter is not defined in any RFC. To my understanding when it's set to false it could mean:  - reject anonymous access except to Root DSE, or  - reject all anonymous acces including Root DSE. However, none of these definitions can describe the test results. What is the real definition for allowAnonymousAccess? Thank you very much! Endi

Alex Karasulu added a comment - 18/Aug/06 05:13 AM

Alex Karasulu added a comment - 18/Aug/06 05:13 AM Hmmm I think this is moot now because we've decided not to support LDAPv2. I will however look at applying endis consistency tests to non LDAPv2 based test cases. Still thanks Endi for doing this research. If you find issues with RC4-SNAPSHOT please let me know and I can reopen this issue.