Multiple referrals not working

I'm having a problem getting multiple referrals to work using OpenLDAP

System: Solaris 2.6; UltraSPARC; gcc 3.0.1 & 2.95.2 both tried (I also
have 2.8.0 available). Client is talking to a Netscape LDAP server for
account information; it uses a non-standard "uid" attribute instead of
"userid", but otherwise there's nothing special about it.

(If it's relevant: the LDAP server stores account information under
several separate search bases, and has an additional search base that
causes a referral to all the others to simplify access; for simplicity,
I'll talk about these as separate servers, though they're actually
different ways of accessing the same server process.)

I'm currently using OpenLDAP 1.2.0, which is working fine, but I would
like to change to a newer version. The problem can be shown by the
ldapsearch tool, though I first noticed it in our hacked-about version
of mod_ldap for Apache (i.e. the problem seems to be in the libraries,
not the ldapsearch program). The search-mode is "sub-tree".

1.2.0 (compiled with gcc 2.8.0):
ldapsearch normally follows referrals automatically, and a search for
'uid=NCole' successfully finds my entry. When used with the '-R' option,
it doesn't, and instead displays the list of LDAP servers to search
(there are 5); when the correct one of these is visited directly, it
returns the same result as the default search. So far, so good.

ldapsearch normally does not follow referrals automatically; the search
returns the same list of five LDAP servers as with 1.2.0 (with
numResponses:1), and a direct search of the server my entry is on will
return it (with numResponses:2 and numEntries:1). However, telling
ldapsearch to follow referrals fails to return my entry (with

If I repeat the search, but with an account that I know is on the first
referred server, the referral is correctly followed and the account
information returned. So it looks as though only the first referral is
taking effect, and subsequent ones are either not acted on or ignored.

I'd formally report this as a bug, but I'm still a beginner at LDAP and
I'd like to confirm that I'm not simply doing something silly :-)

(BTW, this appears to be different from the bug reported in ITS#799).

Dr. Nigel Cole
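
The behaviour the post expects (every referral in the returned list is visited) next to the symptom it reports (only the first one is), as an added example that is not part of the original message and not OpenLDAP code. The host name, search bases and the `ASmith` account are constructed, and `chase_all=False` only models the observed symptom, not a confirmed cause.

```python
from urllib.parse import urlsplit, unquote

HOST = "ldap.example.org"  # hypothetical server; every base below is constructed
DIRECTORY = {
    (HOST, 389, "o=all"): {"referrals": [
        f"ldap://{HOST}/ou=staff,o=example",
        f"ldap://{HOST}/ou=students,o=example",
        f"ldap://{HOST}/ou=guests,o=example",
    ]},
    (HOST, 389, "ou=staff,o=example"): {"uids": {"ASmith"}},
    (HOST, 389, "ou=students,o=example"): {"uids": {"NCole"}},
    # A referral pointing back at the start, to exercise the loop guard.
    (HOST, 389, "ou=guests,o=example"): {"referrals": [f"ldap://{HOST}/o=all"]},
}

def parse_ldap_url(url):
    """Split ldap://host[:port]/base-dn into (host, port, base)."""
    parts = urlsplit(url)
    if parts.scheme != "ldap":
        raise ValueError(f"not an ldap URL: {url!r}")
    return parts.hostname, parts.port or 389, unquote(parts.path.lstrip("/"))

def search(url, uid, chase_all=True, seen=None, hops=5):
    """Return DNs matching uid under url, following referrals.

    chase_all=True visits every referral returned by a server;
    chase_all=False follows only the first one in each list.
    """
    seen = set() if seen is None else seen
    key = parse_ldap_url(url)
    if key in seen or hops == 0:  # referral loop or hop limit reached
        return []
    seen.add(key)
    node = DIRECTORY.get(key, {})
    found = [f"uid={uid},{key[2]}"] if uid in node.get("uids", ()) else []
    referrals = node.get("referrals", [])
    if not chase_all:
        referrals = referrals[:1]
    for ref in referrals:
        found += search(ref, uid, chase_all, seen, hops - 1)
    return found

if __name__ == "__main__":
    top = f"ldap://{HOST}/o=all"
    for uid in ("ASmith", "NCole"):
        print(uid, search(top, uid), search(top, uid, chase_all=False))
```

An account on the first referred base is found in both modes, while one on a later base is found only when every referral is chased, which matches the pattern described in the message.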