
(ITS#4669) Strange `ldapsearch' behaviour



Full_Name: Sriharsha Setty
Version: 2.2.13-4 
OS: RHEL 4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.88.255.123)


Hi folks, 

The ldapsearch utility behaves in a strange way with the following instance of
the ldap.conf file:

/etc/openldap/ldap.conf
------------------------------------------------------------------------
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

uri ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12

# The distinguished name of the search base.
base o=xc0

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
tls_checkpeer yes

# SSL cipher suite
# See man ciphers for syntax
tls_ciphers  HIGH:MEDIUM:+SSLv3:RSA

tls_cacert /etc/openssl/xc0-cert.pem
tls_reqcert demand
-----------------------------------------------------------------

With the uri in the above file, it fails to look up each of the URIs mentioned.
Instead, it just looks up localhost:389. Note that the string is 140 chars long,
including the key uri and the newline at the end.

Output of `ldapsearch -x -LLL "(sn=smith)" cn sn telephoneNumber -v -d 7'
============================================
ldap_initialize( <DEFAULT> )
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_is_socket_ready: error on socket 3: errno: 113 (No route to host)
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
[root@xc30on8 ~]# 
====================================================
Also, if the total length of the uri line (including the characters uri + a
newline at the end) exceeds 128 characters, the search string is truncated after
that.

It could be that the two of them are related. I am not sure, though. 

Thank you, 
/harsha
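
A pre-deployment check for the condition reported above, as an added example that is not part of the original report or of OpenLDAP: it flags ldap.conf directive lines longer than 128 characters (keyword and newline included, the limit as stated in the report) and, for uri, lists which URIs end past that offset. The function name, field names and sample hosts are hypothetical.

```python
LIMIT = 128  # characters, counting the keyword and the trailing newline (per the report)

# Constructed sample, not the reporter's file.
SAMPLE = (
    "# LDAP Defaults\n"
    "uri " + " ".join(f"ldaps://ldap{n}.example.com" for n in range(1, 7)) + "\n"
    "base o=example\n"
    "tls_reqcert demand\n"
)


def audit_ldap_conf(text, limit=LIMIT):
    """Return one finding per directive line longer than `limit` characters.

    For a `uri` directive the finding also records which URIs end within
    the first `limit` characters of the line and which end past it.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank lines and comments carry no directive
        total = len(raw) + 1  # +1 for the newline, as counted in the report
        if total <= limit:
            continue
        keyword = tokens[0].lower()
        finding = {"line": lineno, "keyword": keyword, "length": total}
        if keyword == "uri":
            # An over-long uri line matters most: in the report the client
            # ended up contacting localhost:389 instead of the ldaps:// hosts.
            pos = raw.index(tokens[0]) + len(tokens[0])
            inside, past = [], []
            for tok in tokens[1:]:
                pos = raw.index(tok, pos) + len(tok)  # end offset of this URI
                (inside if pos <= limit else past).append(tok)
            finding["within_limit"], finding["past_limit"] = inside, past
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_ldap_conf(SAMPLE):
        print(f"line {f['line']}: '{f['keyword']}' is {f['length']} chars "
              f"(limit {LIMIT}); past limit: {f.get('past_limit', [])}")
```

Run it against the real file with `audit_ldap_conf(open("/etc/openldap/ldap.conf").read())`; an empty list means no directive line exceeds the reported limit.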