[Date Prev][Date Next]
Re: back-ldap and saslauthd err=4
Version 2.2.23 in case of the back-ldap instance, and varying in case
of the back-bdb instances including versions 2.1.29 -> 2.2.23.
When I can I will set up a test instance of 2.2.24 back-ldap and
enable server logging at level 256 + 4.
thanks for the response,
On Apr 9, 2005 1:17 PM, Pierangelo Masarati <firstname.lastname@example.org> wrote:
> Andrew Reilly wrote:
> >My organization has distributed our DIT across several openldap master
> >servers. To provide a view across the whole tree we have several
> >"central slaves" where all the masters are replicated to, and these
> >are fronted by a proxy cache using back-ldap for each central slave.
> >This has been working quite well.
> >Recently I have been integrating an application that only supports
> >LDAP authentication via saslauthd. Everything was humming along until
> >I have encountered an interesting error. When I point saslauthd
> >directly at an ldap directory whether it is a master or a slave it
> >works, but if I point it at a back-ldap instance the result is an
> >err=4. Now, from my reading err=4 occurs when a search exceeds the
> >configured number of returns but the search being performed by
> >saslauthd only returns one entry. If I preform the exact same search
> >via ldapsearch against the ldap-back instance it works.
> >Any idea on what might be causing it, or how I might gather any useful
> >information on the cause?
> What version(s) of OpenLDAP are you using, or have you tried? There
> might be/have been issues with counting the number of results returning
> from a search. I note that saslauthd might set a sizelimit of 1, to
> ensure that exactly one result is being returned, and back-ldap may be
> erroneously returning error 4, or anything of the kind. I suggest you
> enable server logging at level 256 + 4 and send the logs of both cases,
> i.e. contacting the server directly vs. contacting the proxy. I confirm
> that the current release (2.2.24) honors client-side sizelimit without
> returning an error if the number of entries returned is exactly the
> requested sizelimit either with back-bdb or back-ldap.
> SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497