
Referral chasing



I'm working on some code that looks up S/MIME certificates in LDAP
databases. There are two servers, ldap.thecobblershoppe.com (which has the
cert I'm looking up) and ldap.research.netsol.com (which knows to send out
referrals to the other one).

If I start my search at ldap.thecobblershoppe.com, it works. If I start my
search at ldap.research.netsol.com, it doesn't. ldap_first_entry() returns
NULL.

I've looked at a TCP dump of the conversations, and when I start at
ldap.research.netsol.com, OpenLDAP follows the referrals properly to get
to ldap.thecobblershoppe.com, and strikes up a conversation with that
server which matches exactly what it would have been if I had started
there to begin with. I can see the search entry packet, and it definitely
contains the certificate.

Any idea why OpenLDAP would ignore this packet, after going
through the trouble of following the referrals and executing the search?

To see what I'm talking about, compare

ldapsearch -C -vvv -x -P2 -h ldap.thecobblershoppe.com -s sub \
    -b "dc=thecobblershoppe,dc=com" "(mail=marilyn@thecobblershoppe.com)" \
    "usercertificate;binary"

and the same thing but with -h ldap.research.netsol.com. The second time,
the certificate won't be there. But look at a TCP dump, and you'll see
that it's transmitted.

Thanks for any help. If you need me, I'll be in gdb.