[Date Prev][Date Next]
Re: back-ldap and saslauthd err=4
Andrew Reilly wrote:
My organization has distributed our DIT across several openldap masterWhat version(s) of OpenLDAP are you using, or have you tried? There
might be/have been issues with counting the number of results returning
from a search. I note that saslauthd might set a sizelimit of 1, to
ensure that exactly one result is being returned, and back-ldap may be
erroneously returning error 4, or anything of the kind. I suggest you
enable server logging at level 256 + 4 and send the logs of both cases,
i.e. contacting the server directly vs. contacting the proxy. I confirm
that the current release (2.2.24) honors client-side sizelimit without
returning an error if the number of entries returned is exactly the
requested sizelimit either with back-bdb or back-ldap.
servers. To provide a view across the whole tree we have several
"central slaves" where all the masters are replicated to, and these
are fronted by a proxy cache using back-ldap for each central slave.
This has been working quite well.
Recently I have been integrating an application that only supports
LDAP authentication via saslauthd. Everything was humming along until
I have encountered an interesting error. When I point saslauthd
directly at an ldap directory whether it is a master or a slave it
works, but if I point it at a back-ldap instance the result is an
err=4. Now, from my reading err=4 occurs when a search exceeds the
configured number of returns but the search being performed by
saslauthd only returns one entry. If I preform the exact same search
via ldapsearch against the ldap-back instance it works.
Any idea on what might be causing it, or how I might gather any useful
information on the cause?
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497