[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ldapsearch Question

To: Dean Halter <dean.halter@notes.udayton.edu>, OpenLDAP-software@OpenLDAP.org
Subject: Re: Ldapsearch Question
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Mon, 09 May 2005 10:00:27 -0700
Content-disposition: inline
In-reply-to: <1115653954.20506.25.camel@logistics>
References: <1115653954.20506.25.camel@logistics>

--On Monday, May 09, 2005 11:52 AM -0400 Dean Halter <dean.halter@notes.udayton.edu> wrote:

I am new to ldap and am playing with the tools prior to writing some
simple applications.  Forgive me if I breach etiquette in any way or am
asking a really stupid question.

Whenever I run the following command:

ldapsearch -x -H ldap://ldap.userverx.edu -D
"cn=student,ou=school,ou=users,o=uofs" -b "ou=users,o=uofs" -W
"cn=student"

I am asked for my password and presented the appropriate results.
Attempting the same thing across a secure connection, after adding
'TLS_REQCERT never' to my /etc/openldap/ldap.conf file and changing
ldap://ldap.userverx.edu to ldaps://ldap.userverx.edu, gets me the same
results, but hangs at the end.  I am using Redhat Enterprise Linux 4
with the following packages installed: openldap-clients-2.2.13-2,
openldap-2.2.13-2, openldap-devel-2.2.13-2.

An ltrace shows it hanging indefinitely on ldap_result() between

ACL: 0#entry#cn=proxy_ldap,o=UofS#jpegPhoto

and the following (returned and completed successfully in the first
search using ldap://ldap.userverx.edu):

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Can anyone give me an idea what is going on or if I am doing something
wrong?  Thanks in advance.


Dean,

Unfortunately, you are using Redhat's shipped version of OpenLDAP. I personally consider that the wrong thing to do, as RedHat does an extremely poor job of representing OpenLDAP to the community, and their tendency to ship very old outdated versions of OpenLDAP to which many many bugs have since been fixed tends to cause many problems. I would advise one of two things:

1) Build your own version of OpenLDAP (2.2.26 is the current stable 2.2 release)

or

2) Switch to another distribution that more wisely keeps its OpenLDAP versions up to date, like Mandrake or SUSE.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

References:
- Ldapsearch Question
  - From: Dean Halter <dean.halter@notes.udayton.edu>

Prev by Date: Searching without matching derived attributes
Next by Date: Re: Searching without matching derived attributes
Index(es):
- Chronological
- Thread