[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Referral results sent with an empty scope and filter

On 1/12/06, Pierangelo Masarati <ando@sys-net.it> wrote:

> You don't specify what "your directory" is; since you write to this list,
> I'll assume it's OpenLDAP.  It would be nice to know what version you're
> using; I'll assume you use the latest, otherwise the discussion is moot.

I am using OpenLDAP, at version 2.2.26 -- Debian unstable latest version.

> Usually, as the result of a search request, OpenLDAP may return a search
> reference or a referral, both with complete scope portion, i.e. it
> specifies if the scope is base, one or sub; typically, whatever was set in
> the "ref:" field, the returned referral is rewritten according to the type
> of continuation that should occur, based on the base and scope of the
> request, as indicated in RFC 3296 (see examples in section 5.3: "Base
> Object Considerations").
> As a consequence of other operations, it returns a referral URL without
> any scope specification, since in those cases there would be no ambiguity;
> this is in accordance with section 5.2: "Target Object Considerations".

I didn't know the behavior of LDAP server was so much documented and
specified in RFCs :-)

> You don't specify in response to what type of operation you get that URL;
> as far as I know, OpenLDAP always puts an explicit scope when returning
> search references or referrals in response to search operations, and never
> puts anything after the DN when returning referrals in response to other
> operations.

In my case, this is search operations. I suppose the latest OpenLDAP
was updated to be RFC-compliant because, according to RFC 3296 :

Example: If the client issues a subtree search in which the base
      object is "OU=Roles,O=MNN,C=WW", the server will return

         SearchResultDone (referral) {

Which version 2.2.26 *doesn't* do apparently... ("??" instead of
"??sub" in the reference reply).

Damiano ALBANI