[Date Prev][Date Next]
Re: When can Search return errors (post name resolution)
I've always assumed this only meant "don't return NO_SUCH_OBJECT if the
search result set is empty." Certainly other issues should be noted if
Jim Sermersheim wrote:
How literally are we to take the statement from X.511:
"The request succeeds, subject to access controls, if the baseObject is
located, regardless of whether there are any
subordinates to return"?
For example, if an alias loop is detected while searching, is it
silently ignored? Similarly, if an alias cannot be dereferenced while
searching, do we not return aliasProblem?
Surely, if there is an internal error (out of memory, etc.) the request
does not succeed.
Of course sizeLimitExceeded and timeLimitExceeded may be returned even
if the base object is located, but in X.511 these are not returned as
ERRORS, they are returned in partialOutcomeQualifier.
[Protocol] says this instead:
" Servers MUST NOT return errors if attribute descriptions or matching
rule ids are not recognized, assertion values are invalid, or the
assertion syntax is not supported. More details of filter processing
are given in Clause 7.8 of [X.511]."
I've had it asked whether LDAP implementations are to go beyond this
statement and never fail a search once name resolution has completed (as
is implied by X.511), and specifically, what to do about alias
derefrencing problems while searching.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support