Issue 8706 - illogical return from ldap_search_ext_s()
Summary: illogical return from ldap_search_ext_s()
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-04 18:20 UTC by kurt.w.heberlein@hpe.com
Modified: 2017-09-11 16:47 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description kurt.w.heberlein@hpe.com 2017-08-04 18:20:44 UTC 
Full_Name: Kurt Heberlein
Version: 2.4.40+patches
OS: Debian Wheezy
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (66.168.54.228)


Using simple binding with TLS, i have a successfully bound (authenticated) user,
and using the same LDAP*, i experience intermittent failures attempting to
retrieve the user's memberOf list.   The failure manifests itself as a return
from ldap_search_ext_s() with a return code of LDAP_SUCCESS but a NULL results
pointer.

Most of the time this call correctly returns the list of groups the user is a
member of, but intermittently it returns a NULL list even though the return code
is LDAP_SUCCESS.    There is no other error indication.   What am i missing?

The call looks like this:
 
ret = ldap_search_ext_s(lp, base, scope, filter, attrs, 0, NULL, NULL, NULL, -1,

 &res);

if(ret != LDAP_SUCCESS) {
 ...
} else {
  assert(res != NULL);
  for(msg = ldap_first_message(lp, res); msg != NULL; msg =
ldap_next_message(lp, msg)) {
      ...

Where lp is the LDAP* pointer of for the successful bind of user
      base = "DC=EMEA,DC=AD,DC=SOMECOMPANY,DC=COM"
      scope = LDAP_SCOPE_SUBTREE
      filter = "(&(objectClass=user)(sAMAccountName=someusername))"
      attrs = attrs[0] = "memberOf"
              attrs[0] = NULL
      
i dont find any documentation that indicates that res could be NULL after
LDAP_SUCCESS is returned from the search.  

Thanks
Comment 1 Howard Chu 2017-08-05 01:30:07 UTC 
kurt.w.heberlein@hpe.com wrote:
> Full_Name: Kurt Heberlein
> Version: 2.4.40+patches
> OS: Debian Wheezy
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (66.168.54.228)
> 
> 
> Using simple binding with TLS, i have a successfully bound (authenticated) user,
> and using the same LDAP*, i experience intermittent failures attempting to
> retrieve the user's memberOf list.   The failure manifests itself as a return
> from ldap_search_ext_s() with a return code of LDAP_SUCCESS but a NULL results
> pointer.
> 
> Most of the time this call correctly returns the list of groups the user is a
> member of, but intermittently it returns a NULL list even though the return code
> is LDAP_SUCCESS.    There is no other error indication.   What am i missing?

Read RFC 4511.

The ITS is for bug reports, not technical questions. There's no bug here. 
Closing this ITS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
Comment 2 OpenLDAP project 2017-09-11 16:47:24 UTC 
invalid
Comment 3 Quanah Gibson-Mount 2017-09-11 16:47:24 UTC 
changed notes
changed state Open to Closed