[Date Prev][Date Next] [Chronological] [Thread] [Top]


Version: REL_ENG_2_1
OS: SuSE Linux 8.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

What's the rationale behind changing the error code returned if a write access
to the directory with anonymous bind fails?

In OpenLDAP 2.0.x and any other LDAP server I know of LDAP_INSUFFICIENT_ACCESS
is returned if the add or modify operation fails. Some LDAP servers return a
nice info field. This separate error code is very handy since the application
can catch this particular error and ask the user to (re-)login (very handy e.g.
in web2ldap ;-).

But OpenLDAP 2.1.x returns LDAP_OPERATIONS_ERROR with info field saying
"modifications require authentication". This is bad since LDAP_OPERATIONS_ERROR
can be anything and an application should not rely on the free text info
message. With this behaviour the application is not able to guide the user and
present a login form.