[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Issues I've had migrating from openldap-1 to openldap-2



> From:  "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> Date:  Fri, 06 Jul 2001 16:52:01 -0700
>
> At 10:04 AM 7/5/2001, Chris Garrigues wrote:
> >[ Second attempt; I mailed this on Tuesday, but it appears to have never 
> >  gotten posted. ]
> >
> >Aside from the learning curve on getting my database in a useable conditio
> n, 
> >I've had a couple of issues which could probably be fixed in the code.
> >
> >1) It seems that references really don't work right when a v2 query comes 
> in.  
> >If the client is switched to use the v3 protocol, you get the right refere
> nce, 
> >but if it's using v2, the URL is incomplete.
> 
> Not sure what you mean by incomplete.  I'll note that certain
> URL fields are optional in referrals.  For LDAPv2 referrals,
> see <http://www.umich.edu/~dirsvcs/ldap/doc/other/ldap-ref.html>.

Let me take a step backwards.  When openldap-2.0.11 talks to itself via LDAPv2 
referrals appear different than they do when it talks to itself via LDAPv3.  
For example:

# ldapsearch -x -P3 '(cn=nothere)'
version: 2

#
# filter: (cn=nothere)
# requesting: ALL
#

# search reference
ref: ldap://10.1.2.1/ou=networks,o=vircio,c=US

# search reference
ref: ldap://10.1.2.1/ou=hosts,o=vircio,c=US

# search reference
ref: ldap://10.1.2.1/ou=services,o=vircio,c=US

# search reference
ref: ldap://10.1.2.1/ou=group,o=vircio,c=US

# search reference
ref: ldap://10.1.2.1/ou=people,o=vircio,c=US

# search reference
ref: ldap://10.1.2.1/ou=rpc,o=vircio,c=US

# search reference
ref: ldap://10.1.2.1/ou=protocols,o=vircio,c=US

# search reference
ref: ldap://10.1.2.1/ou=domains,o=vircio,c=US

# search result
search: 2
result: 0 Success

# numResponses: 9
# numReferences: 8

# ldapsearch -x -P2 '(cn=nothere)'
version: 2

#
# filter: (cn=nothere)
# requesting: ALL
#

# search result
search: 2
result: 9 Partial results and referral received
text: Referral:
ldap://10.1.2.1
ldap://10.1.2.1
ldap://10.1.2.1
ldap://10.1.2
 .1
ldap://10.1.2.1
ldap://10.1.2.1
ldap://10.1.2.1
ldap://10.1.2.1

# numResponses: 1

Not only are these responses different, but there is insufficient information in 
the LDAPv2 response to recreate the LDAPv3 response.

> >Once I've got everything 
> >upgraded this won't be an issue for me any more, but fixing it would make the 
> >transition easier.

I've finally got everything speaking LDAPv3 and my problems have gone away, so 
this issue is now academic for me (although I am still concerned that others 
will hit it as well).

Chris

-- 
Chris Garrigues                 http://www.DeepEddy.Com/~cwg/
virCIO                          http://www.virCIO.Com
4314 Avenue C                   
Austin, TX  78751-3709		+1 512 374 0500

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.


Attachment: pgpcixuVfegu1.pgp
Description: PGP signature