[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Controls handled incorrectly (ITS#2034)
Thanks for that explanation. Now that I understand the problem a bit
better I found a "correct" solution to the problem that does not involve
patching OpenLDAP.
In the JNDI program, include the following line to prevent the
ManageDSAit control from being sent:
ldapEnv.put(Context.REFERRAL, "throw");
Cheers.
"Kurt D. Zeilenga" wrote:
>
> At 11:21 AM 2002-08-20, mortis@ucalgary.ca wrote:
> >Full_Name: Jeremy Mortis
> >Version: 2.0.23
> >OS: Redhat 7.2
> >URL: ftp://ftp.openldap.org/incoming/
> >Submission from: (NULL) (136.159.213.7)
> >
> >When using an LDAP instance with multiple databases, JNDI searches fail.
> >
> >This appears to be due to the fact that JNDI passes the 'manageDSAit' control
> >along,
> >which causes the 'select_backend' routine to choose the wrong database.
>
> RFC 3296:
> The client may provide the ManageDsaIT control with an operation
> to indicate that the operation is intended to manage objects
> within the DSA (server) Information Tree
>
> The control, as discussed in RFC 3296, is commonly used to
> manage subordinate referral knowledge.
>
> By selecting the superior database, slapd is providing access
> to the subordinate referral knowledge associated with the
> baseObject.
>
> This is not a bug in OpenLDAP, but a bug in JNDI. Clients
> should only provide the ManageDSAit control when the user
> wants to manage the DSA information tree.
>
> Kurt
-- ---------------------------------------------------------------
Jeremy Mortis
Manager, Web & E-Mail Services
University of Calgary Information Technologies,
2500 University Drive, Calgary, Alberta, Canada T2N 1N4
Phone (403) 220-4423, Fax (403) 282-9199