[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: referrals and one level searches (ITS#818)



This is a MIME message. If you are reading this text, you may want to 
consider changing to a mail reader or gateway that understands how to 
properly handle MIME multipart messages.

--=_C99119AF.CDACD367
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Although the specification is silent on the subject of who is responsible
to determine the scope, the client libraries should probably derive the
scope for the continuation request and specify it in in the new
request when continuing a search reference.  Currently the code is
not changing scope when creating the new request.

-Steve


------------------------
Steve Sonntag
Novell, Inc., the leading provider of Net services software



>>> <markwhitehouse@home.com> 10-Oct-00 4:57:47 PM >>>
Full_Name: Mark Whitehouse
Version: 2.0.6
OS: Linux RH 6.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (24.0.41.53)


Hi,

LDAP one level searches do not seem to work correctly when a referral is
involved in the result set.

As an example, I have an LDAP server with the following referral:

  dn: ou=3Ddevices,dc=3Dfoo,dc=3Dcom
  ou: devices
  ref: ldap://host/ou=3Ddevices,dc=3Dfoo,dc=3Dcom
  objectclass: referral
  objectclass: extensibleObject

If I issue the following ldapsearch:

  ldapsearch -b 'dc=3Dfoo,do=3Dcom' -s one -P 3 -a always -C -x '(objectcla=
ss=3D*)'

The search returns the entries below dc=3Dfoo,dc=3Dcom and the entries =
*below*
ou=3Ddevices,dc=3Dfoo,dc=3Dcom.  This seems to be incorrect as a one level =
search
should return the entries directly below dc=3Dfoo,dc=3Dcom including the =
one
dreferenced referral entry.

My guess is that the slapd code, on encoutering a referral is passing the =
search
onto the referral server without modifying the scope of the search.  i.e. =
a one
level search should be translated to a base level search to be sent to the
referral server.

Mark

--=_C99119AF.CDACD367
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" http-equiv=3DContent-Type=
>
<META content=3D"MSHTML 5.00.2014.210" name=3DGENERATOR></HEAD>
<BODY style=3D"FONT: 8pt MS Sans Serif; MARGIN-LEFT: 2px; MARGIN-TOP: =
2px">
<DIV><FONT size=3D1>Although the specification is silent on the subject of =
who is=20
responsible</FONT></DIV>
<DIV>to determine the scope, the client libraries should probably =
derive=20
the</DIV>
<DIV>scope for the continuation request and specify it in in the new</DIV>
<DIV>request when continuing a search reference.&nbsp; Currently the =
code=20
is</DIV>
<DIV>not changing scope when creating the new request.</DIV>
<DIV>&nbsp;</DIV>
<DIV>-Steve</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV>------------------------<BR>Steve Sonntag<BR>Novell, Inc., the =
leading=20
provider of Net services software</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR>&gt;&gt;&gt; &lt;markwhitehouse@home.com&gt; 10-Oct-00 4:57:47 =
PM=20
&gt;&gt;&gt;<BR>Full_Name: Mark Whitehouse<BR>Version: 2.0.6<BR>OS: Linux =
RH=20
6.2<BR>URL: ftp://ftp.openldap.org/incoming/<BR>Submission from: (NULL)=20
(24.0.41.53)<BR><BR><BR>Hi,<BR><BR>LDAP one level searches do not seem to =
work=20
correctly when a referral is<BR>involved in the result set.<BR><BR>As =
an=20
example, I have an LDAP server with the following referral:<BR><BR>&nbsp; =
dn:=20
ou=3Ddevices,dc=3Dfoo,dc=3Dcom<BR>&nbsp; ou: devices<BR>&nbsp; ref:=20
ldap://host/ou=3Ddevices,dc=3Dfoo,dc=3Dcom<BR>&nbsp; objectclass: =
referral<BR>&nbsp;=20
objectclass: extensibleObject<BR><BR>If I issue the following=20
ldapsearch:<BR><BR>&nbsp; ldapsearch -b 'dc=3Dfoo,do=3Dcom' -s one -P 3 -a =
always -C=20
-x '(objectclass=3D*)'<BR><BR>The search returns the entries below =
dc=3Dfoo,dc=3Dcom=20
and the entries *below*<BR>ou=3Ddevices,dc=3Dfoo,dc=3Dcom.&nbsp; This =
seems to be=20
incorrect as a one level search<BR>should return the entries directly =
below=20
dc=3Dfoo,dc=3Dcom including the one<BR>dreferenced referral entry.<BR><BR>M=
y guess=20
is that the slapd code, on encoutering a referral is passing the search<BR>=
onto=20
the referral server without modifying the scope of the search.&nbsp; i.e. =
a=20
one<BR>level search should be translated to a base level search to be sent =
to=20
the<BR>referral server.<BR><BR>Mark<BR><BR></DIV></BODY></HTML>

--=_C99119AF.CDACD367--