Re: When can Search return errors (post name resolution)

[Howard Chu <hyc@highlandsun.com>]

I've always assumed this only meant "don't return NO_SUCH_OBJECT if the 
search result set is empty." Certainly other issues should be noted if 
they arise.

Jim Sermersheim wrote:
> How literally are we to take the statement from X.511:
> "The request succeeds, subject to access controls, if the baseObject is 
> located, regardless of whether there are any
> subordinates to return"?
>  
> For example, if an alias loop is detected while searching, is it 
> silently ignored? Similarly, if an alias cannot be dereferenced while 
> searching, do we not return aliasProblem?
>  
> Surely, if there is an internal error (out of memory, etc.) the request 
> does not succeed.
>  
> Of course sizeLimitExceeded and timeLimitExceeded may be returned even 
> if the base object is located, but in X.511 these are not returned as 
> ERRORS, they are returned in partialOutcomeQualifier.
>  
> [Protocol] says this instead:
> "   Servers MUST NOT return errors if attribute descriptions or matching
>    rule ids are not recognized, assertion values are invalid, or the
>    assertion syntax is not supported. More details of filter processing
>    are given in Clause 7.8 of [X.511]."
>  
> I've had it asked whether LDAP implementations are to go beyond this 
> statement and never fail a search once name resolution has completed (as 
> is implied by X.511), and specifically, what to do about alias 
> derefrencing problems while searching.
>  
> Jim


--
  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support