[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Cannot follow referrals in C program

To: "Christine Robertson" <chris@coreng.com.au>, <openldap-software@OpenLDAP.org>
Subject: RE: Cannot follow referrals in C program
From: "Howard Chu" <hyc@symas.com>
Date: Fri, 20 Sep 2002 00:34:05 -0700
Importance: Normal
In-reply-to: <200209200640.g8K6eOds075518@mippet.ci.com.au>

Since 2.0.26 was just released today with some crucial indexing bugfixes, I
feel obligated to recommend that you upgrade, but that's not directly
relevant to your question...

Most likely, you haven't called ldap_set_option() to select LDAP_VERSION3.
The libldap library defaults to LDAP_VERSION2, while the ldapsearch tool
defaults to LDAP_VERSION3.

Note that referrals and continuation references are not the same thing.
LDAPv2 only supports referrals, and a referral can only be returned in the
result of of an operation. Also, when multiple referrals are returned, they
are all supposed to be equally capable of completing the search request.
I.e., in a list of multiple referrals, all of them are supposed to point to
identical servers carrying identical data, and the client chooses arbitrarily
which single referral to follow.

LDAPv3 supports continuation references, which can be interleaved with other
search entries, as opposed to being returned in an operation result. Each
reference points to distinct components of the DIT, and the client must
pursue all of them to get a complete set of search responses.

In your attached log, the messages from 16:14:15 depict the behavior of an
LDAPv2 client following a single referral. The messages from 16:18:34 show
individual continuation references being returned and being followed.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Christine
Robertson

> We are running LDAP 2.0.23 under FreeBSD 4.6.
> We have several directories with suffixes
>
> dc=au,dc=cordoors,dc=com
> dc=my,dc=cordoors,dc=com
> dc=us,dc=cordoods,dc=com
> ...
> dc=cordoors,dc=com
>
> The final directory contains referrals to the others.
> All of this works just fine, referrals and all,
> until I try to write C programs to search from
> the top level, at which point referrals
> absolutely fail to work.
>
> I have looked at the code for ldapsearch -- I have
> even stolen chuncks of it ;-).
>
> I an setting LDAP_OPT_REFERRALS, after ldap_initialize and before
> ldap_bind:
>
> if (ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON) !=
> LDAP_OPT_SUCCESS)
> {
> 	fprintf(stderr, "Could not set LDAP_OPT_REFERRALS\n");
> 	return 1;
> }
>
> and using ldap_search_ext:
>
> if ((ret = ldap_search_ext(ld, base, LDAP_SCOPE_SUBTREE, filter, attrs, 0,
> 	sctrls, cctrls, timeout, sizelimit, &msgid)) != LDAP_SUCCESS)
>
> Base is really what I think it is (dc=cordoors,dc=com).
>
> Referrals are Just Not Followed.  What am I missing?
>
> Below is the logfile, showing a failed retrieve with my
> program, and a successful one with ldapsearch.
>
> Help pleasse!
>
> --Chris Robertson
> Corinthian Engineering
> Sydney, Australia
>
> Sep 20 16:14:15 mippet slapd[81819]: daemon: conn=12 fd=14
> connection from IP=192.65.182.30:2945 (IP=:: 34049) accepted.
> Sep 20 16:14:15 mippet slapd[81819]: conn=12 op=0 BIND dn="" method=128
> Sep 20 16:14:15 mippet slapd[81819]: conn=12 op=0 RESULT tag=97 err=0 text=
> Sep 20 16:14:15 mippet slapd[81819]: conn=12 op=1 SRCH
> base="dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:14:15 mippet slapd[81819]: conn=12 op=1 SEARCH RESULT
> tag=101 err=9 text=Referral:
> ldaps://mippet.ci.com.au:636/dc=au,dc=cordoors,
> dc=com ldaps://mippet.ci.com.au:636/dc=my,dc=cordoors,dc=com
> ldaps://mippet.ci.com.au:636/dc=id,dc=cordoors,dc=com
> ldaps://mippet.ci.com.au:
> 636/dc=th,dc=cordoors,dc=com
> ldaps://mippet.ci.com.au:636/dc=sg,dc=cordoors,dc=com
> ldaps://mippet.ci.com.au:636/dc=us,dc=cordoors,dc=com
> Sep 20 16:14:15 mippet slapd[81819]: daemon: conn=13 fd=50
> connection from IP=192.65.182.30:2946 (IP=:: 31746) accepted.
> Sep 20 16:14:15 mippet slapd[81819]: conn=13 op=0 BIND dn="" method=128
> Sep 20 16:14:15 mippet slapd[81819]: conn=13 op=0 RESULT tag=97 err=0 text=
> Sep 20 16:14:15 mippet slapd[81819]: conn=13 op=1 SRCH
> base="dc=au,dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:14:15 mippet slapd[81819]: conn=13 op=1 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:14:15 mippet slapd[81819]: conn=12 op=2 UNBIND
> Sep 20 16:14:15 mippet slapd[81819]: conn=-1 fd=14 closed
> Sep 20 16:14:15 mippet slapd[81819]: conn=13 op=2 UNBIND
> Sep 20 16:14:15 mippet slapd[81819]: conn=-1 fd=50 closed
> Sep 20 16:18:34 mippet slapd[81819]: daemon: conn=14 fd=14
> connection from IP=192.65.182.30:3237 (IP=:: 34049) accepted.
> Sep 20 16:18:34 mippet slapd[81819]: conn=14 op=0 BIND dn="" method=128
> Sep 20 16:18:34 mippet slapd[81819]: conn=14 op=0 RESULT tag=97 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=14 op=1 SRCH
> base="dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:18:34 mippet slapd[81819]: conn=14 op=1 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: daemon: conn=15 fd=50
> connection from IP=192.65.182.30:3238 (IP=:: 31746) accepted.
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=0 BIND dn="" method=128
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=0 RESULT tag=97 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=1 SRCH
> base="dc=au,dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=2 SRCH
> base="dc=us,dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=3 SRCH
> base="dc=sg,dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=4 SRCH
> base="dc=th,dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=4 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=5 SRCH
> base="dc=id,dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=6 SRCH
> base="dc=my,dc=cordoors,dc=com" scope=2 filter="(objectClass=ciServer)"
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=2 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=3 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=5 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=6 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=1 SEARCH RESULT
> tag=101 err=0 text=
> Sep 20 16:18:34 mippet slapd[81819]: conn=14 op=2 UNBIND
> Sep 20 16:18:34 mippet slapd[81819]: conn=-1 fd=14 closed
> Sep 20 16:18:34 mippet slapd[81819]: conn=15 op=7 UNBIND
> Sep 20 16:18:34 mippet slapd[81819]: conn=-1 fd=50 closed
>
>
>
>

Follow-Ups:
- Re: Cannot follow referrals in C program
  - From: Mike Jackson <mjj@pp.fi>

References:
- Cannot follow referrals in C program
  - From: Christine Robertson <chris@coreng.com.au>

Prev by Date: Re: ldap_sasl_interactive_bind_s: Unknown authentication method
Next by Date: Problem starting slapd
Index(es):
- Chronological
- Thread