[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8706) illogical return from ldap_search_ext_s()

Full_Name: Kurt Heberlein
Version: 2.4.40+patches
OS: Debian Wheezy
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Using simple binding with TLS, i have a successfully bound (authenticated) user,
and using the same LDAP*, i experience intermittent failures attempting to
retrieve the user's memberOf list.   The failure manifests itself as a return
from ldap_search_ext_s() with a return code of LDAP_SUCCESS but a NULL results

Most of the time this call correctly returns the list of groups the user is a
member of, but intermittently it returns a NULL list even though the return code
is LDAP_SUCCESS.    There is no other error indication.   What am i missing?

The call looks like this:
ret = ldap_search_ext_s(lp, base, scope, filter, attrs, 0, NULL, NULL, NULL, -1,


if(ret != LDAP_SUCCESS) {
} else {
  assert(res != NULL);
  for(msg = ldap_first_message(lp, res); msg != NULL; msg =
ldap_next_message(lp, msg)) {

Where lp is the LDAP* pointer of for the successful bind of user
      scope = LDAP_SCOPE_SUBTREE
      filter = "(&(objectClass=user)(sAMAccountName=someusername))"
      attrs = attrs[0] = "memberOf"
              attrs[0] = NULL
i dont find any documentation that indicates that res could be NULL after
LDAP_SUCCESS is returned from the search.