
AW: chase referrals not working with ADS dc's (ITS#2504)



Hi,

I have changed the real domain names to numbers, so this is just to hide our
official names.

Although I guess I know what the problem is: I have to authenticate before
doing any LDAP searches (this is default in active directory). And openldap
referral chasing does not do that, I might need to implement the rebind
callback function.

Tobias

-----Original Message-----
From: Kurt@OpenLDAP.org [mailto:Kurt@OpenLDAP.org]
Sent: Wednesday, 14 May 2003 01:33
To: openldap-its@OpenLDAP.org
Subject: Re: chase referrals not working with ADS dc's (ITS#2504)


At 06:04 AM 5/12/2003, tobias.loecke@bertelsmann.de wrote:
>Full_Name: Tobias
>Version: 2.1.17
>OS: RedHat
>URL: 
>Submission from: (NULL) (145.228.82.156)
>
>
>Hello all-
>
>we have an ADS with multiple subdomains which I need to search in one single
>ldap search, but unfortunately chasing referrals seems not to work against ADS.

The LDIF below indicates that the problem that you are seeing is
with regards to search continuation (reference) handling, not
referral handling.

>According to this posting, this issue should have been fixed but isn't
>http://www.openldap.org/lists/openldap-devel/200010/msg00106.html

I don't see this post as describing the same problem.

>The LDAP search
>  ldapsearch -C -a always -s sub -h IP -b dc=2,dc=1 -x -D CN=user -w pw
>cn=something
>will not find anything in dc=3,dc=2,dc=1 (DNS resolution for 3.2.1. is working
>properly and only resolves to LDAP servers).

Well, I would suspect that you might run into problems using
domains where the TLD was all numeric.  A lot of software
will consider 3.2.1 to be an IPv4 address literal.  You
might try using a real TLD.

>You'll find the full output below. The search result for the referrals is
>correct,

Okay.

>but given the amount of time for the search the referrals are not
>chased. (Sorry, can't sniff at the moment, working on that....)

I suggest you use a debugger or a sniffer to determine that for
sure.  I'm certainly not going to assume a particular behavior
based solely on the amount of time taken.

>Any ideas what's wrong? We tried openldap 2.0.11 and now 2.1.17 as well, but had
>the very same result...

I don't see a clear indication of an openldap software bug.


>Thank you,
>
>Tobias
>
>
>
>The output looks like this:
>ldapsearch -C -a always -h <IP> -b dc=2,dc=1 -x -s sub -P 3 -D
>CN=userid,OU=x,OU=y,OU=z,DC=3,DC=2,DC=1 -w xyz mail=tobias*
># extended LDIF
>#
># LDAPv3
># base <dc=2,dc=1> with scope sub
># filter: mail=tobias*
># requesting: ALL
>#
>
># search reference
>ref: ldap://5.2.1/DC=5,DC=2,DC=1
>
># search reference
>ref: ldap://4.2.1/DC=4,DC=2,DC=1
>
># search reference
>ref: ldap://2.1/CN=Configuration,DC=2,DC=1
>
># search reference
>ref: ldap://3.2.1/DC=3,DC=2,DC=1
>
># search result
>search: 2
>result: 0 Success
>
># numResponses: 5
># numReferences: 4
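
Kurt's remark about all-numeric names, as an added example (not code from this thread or from OpenLDAP): it passes the host part of the four `ref:` lines quoted above to `inet_aton(3)`, which accepts short dotted forms, so `3.2.1` is read as the address 3.2.0.1 rather than resolved as a DNS name. `ref_host` and `ipv4_literal` are names made up for this example, and it makes no claim about which address parser libldap itself uses.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Constructed input: the "ref:" lines from the ldapsearch output quoted above. */
static const char *SAMPLE_REFS[] = {
    "ref: ldap://5.2.1/DC=5,DC=2,DC=1",
    "ref: ldap://4.2.1/DC=4,DC=2,DC=1",
    "ref: ldap://2.1/CN=Configuration,DC=2,DC=1",
    "ref: ldap://3.2.1/DC=3,DC=2,DC=1",
};

/* Copy the host of a "ref: ldap://host[:port]/dn" line into out.
 * Returns 0 on success, -1 if the line is not such a reference. */
int ref_host(const char *line, char *out, size_t outlen)
{
    static const char prefix[] = "ref: ldap://";
    size_t n;
    if (strncmp(line, prefix, sizeof prefix - 1) != 0)
        return -1;
    line += sizeof prefix - 1;
    n = strcspn(line, ":/");   /* host ends at the port or the DN */
    if (n == 0 || n >= outlen)
        return -1;
    memcpy(out, line, n);
    out[n] = '\0';
    return 0;
}

/* Returns 1 and writes the dotted quad into quad if inet_aton() accepts host
 * as an IPv4 literal; returns 0 if inet_aton() rejects it (a name for DNS). */
int ipv4_literal(const char *host, char *quad, size_t quadlen)
{
    struct in_addr a;
    if (inet_aton(host, &a) == 0)
        return 0;
    return inet_ntop(AF_INET, &a, quad, (socklen_t)quadlen) != NULL;
}

int main(void)
{
    char host[256], quad[INET_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof SAMPLE_REFS / sizeof *SAMPLE_REFS; i++)
        if (ref_host(SAMPLE_REFS[i], host, sizeof host) == 0)
            printf("%-5s -> %s\n", host, ipv4_literal(host, quad, sizeof quad)
                   ? quad : "DNS name");
    return 0;
}
```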