check Version field of Bind requests by default

merlinz01 · Apr 15, 2024 · ad26c04 · ad26c04
1 parent a5e74f9
commit ad26c04
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/server.go b/server.go
@@ -173,6 +173,13 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) {
 				LDAPResultProtocolError.AsResult("invalid Bind request received"))
 			return
 		}
+		// Handle this so that implementations don't have to
+		if req.Version != 3 {
+			log.Println("Unsupported LDAP version in Bind request:", req.Version)
+			conn.SendResult(msg.MessageID, nil, TypeBindResponseOp,
+				LDAPResultProtocolError.AsResult("unsupported LDAP version specified in Bind request"))
+			return
+		}
 		conn.asyncOperations.Wait()
 		s.Handler.Bind(conn, msg, req)
 	case TypeCompareRequestOp:

diff --git a/test/main.go b/test/main.go
@@ -77,11 +77,6 @@ func (t *TestHandler) Add(conn *ldapserver.Conn, msg *ldapserver.Message, req *l
 func (t *TestHandler) Bind(conn *ldapserver.Conn, msg *ldapserver.Message, req *ldapserver.BindRequest) {
 	log.Println("Bind request")
 	res := &ldapserver.BindResponse{}
-	if req.Version != 3 {
-		res.ResultCode = ldapserver.LDAPResultProtocolError
-		res.DiagnosticMessage = "the protocol version received is not supported"
-		conn.SendResult(msg.MessageID, nil, ldapserver.TypeBindResponseOp, res)
-	}
 	switch req.AuthType {
 	case ldapserver.AuthenticationTypeSimple:
 		log.Println("Simple authentication:", req.Name, req.Credentials.(string))