ldap_result2error, ldap_parse_result

[Howard Chu <hyc@highlandsun.com>]

I came upon an ambiguous situation regarding the difference between the v2
and v3 LDAP C APIs as implemented in OpenLDAP. I know ldap_result2error is
provided for backward compatibility with v2 clients - that's fine. However,
the implementations that I've seen (looking at OpenLDAP and Mozilla SDK)
have a slight problem that I'd like help resolving.

Here's the Mozilla ldap_result2error, which is a wrapper for
ldap_parse_result:

        lderr_parse = ldap_parse_result( ld, r, &lderr, NULL, NULL, NULL,
            NULL, freeit );

        if ( lderr_parse != LDAP_SUCCESS ) {
                return( lderr_parse );
        }

        return( lderr );

The strategy is "if the parse failed, return the failure code, otherwise
return the server's result code." That makes sense, for the most part.
However, if the parse returns LDAP_MORE_RESULTS_TO_RETURN, then this will be
returned to the caller instead of the server's result code. I believe this
is wrong for a number of reasons:
   The RFC 1823 description of ldap_result2error says that it returns a
result indicating the outcome of the operation. The RFC also explicitly
lists all the possible result codes. The LDAP_MORE_RESULTS_TO_RETURN result
does *not* indicate a parsing failure, the parse was actually successful; it
does not relate to the outcome of the given operation, and it is not a value
a client would expect to get back from ldap_result2error.

The question is what is the correct result to return - I believe in the case
where ldap_parse_result returns LDAP_MORE_RESULTS_TO_RETURN,
ldap_result_error should be returning the server error code, not the parse
result code.

Comments?