How literally are we to take the statement from X.511:
"The request succeeds, subject to access controls, if the baseObject is
located, regardless of whether there are any
subordinates to return"?
For example, if an alias loop is detected while searching, is it silently
ignored? Similarly, if an alias cannot be dereferenced while searching, do we
not return aliasProblem?
Surely, if there is an internal error (out of memory, etc.) the request
does not succeed.
Of course sizeLimitExceeded and timeLimitExceeded may be returned even if
the base object is located, but in X.511 these are not returned as
ERRORS, they are returned in partialOutcomeQualifier.
[Protocol] says this instead:
" Servers MUST NOT return errors if attribute descriptions or
matching
rule ids are not recognized, assertion values are
invalid, or the
assertion syntax is not supported. More
details of filter processing
are given in Clause 7.8 of
[X.511]."
I've had it asked whether LDAP implementations are to go beyond this
statement and never fail a search once name resolution has completed (as is
implied by X.511), and specifically, what to do about alias derefrencing
problems while searching.
Jim