[Date Prev][Date Next] [Chronological] [Thread] [Top]

back-ldap problem with Win2000 Active Directory



Hi,
  we are currently using slapd with back-ldap to connect to an Active
Directory LDAP server:

 client <--> sldap
               ^
               | 
               v
           back-ldap <--> Active Directory

  When doing some simple searches (ldapsearch -s one "uid=toto"),
back-ldap crashes with the following message:

slapd: result.c:518: send_search_result: Assertion `!(((0x51) <= (( err
))) && ((( err )) <= (0x61)))' failed.

  There is no problem without the "-s one" option.

  After some debug, it appears that AD sends some non-standard messages;
in response to the search request, back-ldap gets the following message
(captured with Ethereal):

Search Result:
 Result code: 0x09
 Matched DN: (null)
 Error message: Referral:
ldap://thehost.com/CN=Configuration,DC=thehost,DC=com??base

  The result code of 9 is not valid (it is written to be reserved in
RFC2251) but OpenLDAP seems to understand that it is a referal. The
problem is that the URL of the referal is not well parsed; in response
to this search result, back-ldap sends another search request to the AD:

Search Request:
 Base DN: CN=Configuration,DC=thehost,DC=com??base
 Scope: Single
 ...

  There shouldn't be "??base" in the base DN and the scope should be
"base". Then AD replies with another result code 9 search result but
with a referal to "thehost.com??base" which leads to the slapd crash.

  Does anybody knows how to fix this problem?

Thanks.
-- 
Bertrand Croq - VIRTUAL NET (http://www.virtual-net.fr)
80, avenue des Buttes de Coesmes - 35700 RENNES
tel: +33 2 23 21 06 30 - fax: +33 2 99 38 16 85