Re: resultCode vs API error code (Was: Testing successful bind)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Fri, Jun 09, 2000 at 07:15:36AM -0700, Kurt D. Zeilenga wrote:
> At 11:35 PM 6/8/00 -0700, Paul Heinlein wrote:
> >On Thu, 8 Jun 2000, Yann Ramin wrote:
> >
> >> I've noticed that no error code is returned when a bind operation uses
> >> invalid credentials.  ?  How can I test if a bind was successful or
> >> not?  This is my main LDAP authentication scheme :)
> 
> Return of a success resultCode.

> For the upcoming C API specification, the authors and I
> are discussing two approaches to resolve this issue.
> 	1) have API routines return an API error code
> 		and provide separately protocol results
> 		(including resultCode)
> 	2) using negative values codes to indicate
> 		API error codes (because resultCodes must be
> 		non-negative).
> 
> If I was designing a new API, I'd choose option 1.  With
> the C API, some (not I) prefer option 2 because it is
> less intrusive to older programs.  And some are
> willing to assume that clients and servers will be
> well behaved (despite operational experience to the
> contrary).
> 
> It appears that net:::LDAP makes the same mistake.

Maybe, but that is only because to some extent it was based on the C API.

However, I think the current approach is close to what is wanted.

Having to check two places for an error is not optimal.

I had always planned to extend the current scheme to allow better local
errors. But I intended to do this by using a single code from the protocol
(LDAP_LOCAL_ERROR) and then have the Message object store extended information
about the local error.

This still allows people to write code only check one place for an error.

Graham.