Re: back-ldap and saslauthd err=4

Version 2.2.23 in case of the back-ldap instance, and varying in case
of the back-bdb instances including versions 2.1.29 -> 2.2.23.

When I can I will set up a test instance of 2.2.24 back-ldap and
enable server logging at level 256 + 4.

Thanks for the response,

On Apr 9, 2005 1:17 PM, Pierangelo Masarati <ando@sys-net.it> wrote:
> Andrew Reilly wrote:
> >My organization has distributed our DIT across several OpenLDAP master
> >servers.  To provide a view across the whole tree we have several
> >"central slaves" where all the masters are replicated to, and these
> >are fronted by a proxy cache using back-ldap for each central slave.
> >This has been working quite well.
> >
> >Recently I have been integrating an application that only supports
> >LDAP authentication via saslauthd.  Everything was humming along until
> >I encountered an interesting error.  When I point saslauthd
> >directly at an ldap directory whether it is a master or a slave it
> >works, but if I point it at a back-ldap instance the result is an
> >err=4.  Now, from my reading err=4 occurs when a search exceeds the
> >configured number of returns but the search being performed by
> >saslauthd only returns one entry.  If I perform the exact same search
> >via ldapsearch against the ldap-back instance it works.
> >
> >Any idea on what might be causing it, or how I might gather any useful
> >information on the cause?
> >
> >
> What version(s) of OpenLDAP are you using, or have you tried?  There
> might be/have been issues with counting the number of results returning
> from a search.  I note that saslauthd might set a sizelimit of 1, to
> ensure that exactly one result is being returned, and back-ldap may be
> erroneously returning error 4, or anything of the kind.  I suggest you
> enable server logging at level 256 + 4 and send the logs of both cases,
> i.e. contacting the server directly vs. contacting the proxy.  I confirm
> that the current release (2.2.24) honors client-side sizelimit without
> returning an error if the number of entries returned is exactly the
> requested sizelimit either with back-bdb or back-ldap.
> p.
>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
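
One way to compare the two sets of logs requested above (server contacted directly vs. through the proxy), as an added example that is not part of the original thread. It assumes stats-level (256) lines in slapd's usual `conn=... op=... SRCH` / `SEARCH RESULT` form; the sample log lines, base DN and filter are constructed.

```python
import re
from collections import defaultdict

# Constructed sample logs (not from the thread): the same lookup sent
# directly to a slave and through the back-ldap proxy.
DIRECT_LOG = '''\
conn=11 op=0 BIND dn="" method=128
conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"
conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''
PROXY_LOG = '''\
conn=42 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"
conn=42 op=1 SEARCH RESULT tag=101 err=4 nentries=1 text=
'''

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" .*filter="(.*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=\d+ err=(\d+) nentries=(\d+)')

def search_outcomes(log_text):
    """Pair each SRCH with its SEARCH RESULT, keyed by (base, filter)."""
    pending, outcomes = {}, defaultdict(list)
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
            continue
        m = RESULT.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            key = pending.pop((m.group(1), m.group(2)))
            outcomes[key].append((int(m.group(3)), int(m.group(4))))
    return outcomes

def sizelimit_mismatches(direct_log, proxy_log):
    """Searches that succeed directly but end with err=4 via the proxy."""
    direct, proxy = search_outcomes(direct_log), search_outcomes(proxy_log)
    hits = []
    for key, results in proxy.items():
        ok_direct = any(err == 0 for err, _ in direct.get(key, []))
        for err, nentries in results:
            if err == 4 and ok_direct:
                hits.append({"base": key[0], "filter": key[1],
                             "proxy_nentries": nentries})
    return hits

if __name__ == "__main__":
    for hit in sizelimit_mismatches(DIRECT_LOG, PROXY_LOG):
        print(hit)
```

A hit with `proxy_nentries` equal to 1 matches the case described in the reply: the proxy returned the single entry and still ended the search with err=4.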