
LDAP_OPERATIONS_ERROR instead of LDAP_INSUFFICIENT_ACCESS (ITS#1987)



Full_Name: 
Version: REL_ENG_2_1
OS: SuSE Linux 8.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (217.1.21.54)


What's the rationale behind changing the error code returned if a write access
to the directory with anonymous bind fails?

In OpenLDAP 2.0.x and any other LDAP server I know of, LDAP_INSUFFICIENT_ACCESS
is returned if the add or modify operation fails. Some LDAP servers return a
nice info field. This separate error code is very handy since the application
can catch this particular error and ask the user to (re-)login (very handy e.g.
in web2ldap ;-).

But OpenLDAP 2.1.x returns LDAP_OPERATIONS_ERROR with an info field saying
"modifications require authentication". This is bad since LDAP_OPERATIONS_ERROR
can be anything and an application should not rely on the free text info
message. With this behaviour the application is not able to guide the user and
present a login form.
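
The client-side pattern the report depends on, as an added example that is not part of the original post and not web2ldap or OpenLDAP code: a write is retried after a login prompt only when the result code is unambiguous. FakeServer, write_with_login, the DNs and the credentials are constructed for illustration; the numeric result codes are those of RFC 4511.

```python
# LDAPv3 result codes (RFC 4511), named as in the report.
LDAP_OPERATIONS_ERROR = 1
LDAP_INSUFFICIENT_ACCESS = 50


class LDAPResult(Exception):
    def __init__(self, code, info=""):
        super().__init__(f"result {code}: {info}")
        self.code, self.info = code, info


class FakeServer:
    """Constructed stand-in for a directory server; not a real LDAP client."""

    def __init__(self, anon_write_code, info=""):
        self.anon_write_code, self.info = anon_write_code, info
        self.bound_dn = ""      # empty DN means anonymous bind
        self.entries = {}

    def simple_bind(self, dn, password):
        self.bound_dn = dn      # constructed: every credential is accepted

    def modify(self, dn, attrs):
        if not self.bound_dn:   # anonymous writes are refused
            raise LDAPResult(self.anon_write_code, self.info)
        self.entries.setdefault(dn, {}).update(attrs)


def write_with_login(server, dn, attrs, ask_credentials):
    """Try the write; re-bind and retry once only on insufficientAccessRights."""
    try:
        server.modify(dn, attrs)
        return "ok"
    except LDAPResult as err:
        if err.code != LDAP_INSUFFICIENT_ACCESS:
            # operationsError can mean anything, and the free-text info field
            # is deliberately not parsed, so no login form can be offered.
            return f"failed: {err.code} ({err.info})"
    server.simple_bind(*ask_credentials())
    server.modify(dn, attrs)
    return "ok after login"


def demo():
    creds = lambda: ("cn=editor,dc=example,dc=org", "constructed-password")
    target, change = "uid=jdoe,dc=example,dc=org", {"mail": "new@example.org"}
    # Behaviours as described in the report for 2.0.x and 2.1.x respectively.
    old = FakeServer(LDAP_INSUFFICIENT_ACCESS)
    new = FakeServer(LDAP_OPERATIONS_ERROR, "modifications require authentication")
    return [write_with_login(s, target, change, creds) for s in (old, new)]
```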