On Thu 10 Mar 2005 at 20:46:51 +0900, Dick Davies wrote:

> 
> Can anyone tell me where I'm going wrong here?
> I'm trying to write a very simple ldap authenticator, which does
> 
> get user and pass
> open connection to server
> bind anonymously
> map the user to a dn
> bind as dn and pass <- this goes boom
> 
> when I rebind I get an error. Here's a cut down version:
> 
> $ irb -r ldap
> irb(main):001:0> conn = LDAP::SSLConn.new('ldap.server',389,true)
> => #<LDAP::SSLConn:0x812ec70>
> irb(main):002:0> a = conn.bind
> => #<LDAP::SSLConn:0x812ec70>
> irb(main):003:0> a.unbind
> => nil
> irb(main):004:0> b = conn.bind
> LDAP::InvalidDataError: The LDAP handler is already unbind()'ed.
>         from (irb):4:in `bind'
>         from (irb):4
> 
> if I omit the unbind(), I get 'The LDAP handler is already binded'

Conn#unbind doesn't just unbind from the server; it also destroys the
connection object when it calls ldap_unbind().

From ldap_unbind(3):

UNBINDING
       The ldap_unbind() call is used to unbind from the directory,
       terminate the  current  association,  and free the resources
       contained in the ld structure.  Once it is called, the connection
       to the  LDAP  server  is closed,  and the ld structure is
       invalid.  The ldap_unbind_s() call is just another name for
       ldap_unbind(); both  of  these  calls  are  synchronous in
       nature.

So, think of Conn#unbind as being more of a Conn#destroy, in that the
Conn object effectively no longer exists after the unbind.

Cheers,

Ian
-- 
Ian Macdonald               | Time is but the stream I go a-fishing in.  
System Administrator        | -- Henry David Thoreau 
ian / caliban.org             | 
http://www.caliban.org      | 
                            |
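
The search-then-bind flow from the question, restructured around the lifecycle explained in the reply: one handle per bind, and no reuse of a handle after unbind. This is an added example, not code from the thread or from Ruby/LDAP. `FakeConn`, `find_dn`, `authenticate`, `connect` and the directory entry are constructed stand-ins so the sketch runs without a server; against a real directory, `connect` would return a new `LDAP::SSLConn` as in the quoted session.

```ruby
# Constructed stand-in for an LDAP handle: models only the lifecycle in the
# thread (one bind per handle, unbind destroys it). Not the Ruby/LDAP API.
class FakeConn
  USERS = { 'uid=dick,ou=people,dc=example,dc=org' => 'secret' }.freeze # constructed

  def initialize
    @state = :open
  end

  def bind(dn = nil, password = nil)
    raise "The LDAP handler is already unbind()'ed." if @state == :closed
    raise 'The LDAP handler is already binded' if @state == :bound
    raise 'Invalid credentials' if dn && USERS[dn] != password
    @state = :bound
    self
  end

  def find_dn(user) # hypothetical helper standing in for a directory search
    raise 'not bound' unless @state == :bound
    USERS.keys.find { |dn| dn.start_with?("uid=#{user},") }
  end

  def unbind
    @state = :closed
    nil
  end
end

# `connect` is any callable returning a fresh connection (assumed parameter).
def authenticate(connect, user, password)
  lookup = connect.call
  dn = begin
    lookup.bind            # anonymous bind
    lookup.find_dn(user)   # map the user to a dn
  ensure
    lookup.unbind          # this handle is now invalid; never reuse it
  end
  return false if dn.nil?

  auth = connect.call      # fresh handle for the user's own bind
  begin
    auth.bind(dn, password)
    true
  rescue RuntimeError
    false
  ensure
    auth.unbind
  end
end
```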