On Thu, Oct 27, 2011 at 07:22:05PM -0700, Quanah Gibson-Mount wrote:

> The issue I fixed today would affect any postfix build with an
> OpenLDAP API at least as far back as OpenLDAP 2.1. What postfix
> revisions you fix are entirely up to you of course, and I think
> reasonably I wouldn't expect you to fix unsupported postfix
> releases, but it is not limited to the OpenLDAP 2.4 API.

No, in OpenLDAP 2.3.4, the ldap_parse_sasl_bind_result() function
returns an error when bind operations fail:

    ...
    openldap-2.3.4/libraries/libldap/sasl.c line 349:
        ld->ld_errno = errcode;

        if ( freeit ) {
            ldap_msgfree( res );
        }

        return( ld->ld_errno );
    }

Therefore, with OpenLDAP 2.3(.4) or older the Postfix code does not
IMHO fail to detect failed logins. What evidence do you have to the
contrary?

-- Viktor.