
trouble getting entry from ldap server using ldap_search_ext_s



Hi everybody

I am trying to fix an authentication plugin for openvpn using the
openldap library. I am new to the library, so I may lack some understanding.

Here is the situation:
The openldap version is 2.3.27

If I try to find a user with a base dn of

"ou=mnd999,dc=asp,dc=ruf,dc=ch"

which is the correct base dn for this user, the operation works correctly.

If I just use "dc=asp,dc=ruf,dc=ch"

the operation times out. I am using subtree search and I can see on a
packet dump on the line that there is a reply from the ldap server.

The difference between the replies is that in the case of the correct DN
just a search entry and a search result message is returned, whereas in
the case of the incomplete DN a search entry, a number of search result
references and a search result are returned. In both cases, the search
result yields success.

The code calls

        if ((err = ldap_search_ext_s(ldapConn, [base cString], LDAP_SCOPE_SUBTREE,
                        [filter cString], attrArray, 0, NULL, NULL,
                        &timeout, 5000, &res)) != LDAP_SUCCESS) {
                [TRLog error: "LDAP search failed: %d: %s", err, ldap_err2string(err)];
                goto finish;
        }

This call times out and returns -5.

I can provide tcpdump files if needed.

Thanks

Erich

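The three reply types the post describes seeing in the packet dump (search entry, search result reference, search result) can be told apart by the BER tag of each LDAPMessage's protocolOp, per RFC 4511. The following is an added example, not code from the original post or from OpenLDAP: the names `ber_header`, `ldap_classify` and `sample` are hypothetical, the sample bytes are constructed, and the input is assumed to be an already reassembled server-to-client payload.

```c
#include <stdio.h>

struct ldap_counts { int entries, references, done, other; };
/* Read one BER tag and definite length at buf[*pos]; -1 if truncated. */
static int ber_header(const unsigned char *buf, size_t n, size_t *pos,
                      unsigned char *tag, size_t *len) {
    if (n - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    *len = buf[(*pos)++];
    if (*len >= 0x80) {                 /* long form: low 7 bits = byte count */
        size_t k = *len & 0x7f;
        if (k == 0 || k > 4 || n - *pos < k) return -1;
        for (*len = 0; k--; ) *len = (*len << 8) | buf[(*pos)++];
    }
    return *len <= n - *pos ? 0 : -1;   /* value must fit in what is left */
}

/* Tally the protocolOp of every LDAPMessage in a server reply stream. */
int ldap_classify(const unsigned char *buf, size_t n, struct ldap_counts *c) {
    size_t pos = 0, len, end;
    unsigned char tag;
    c->entries = c->references = c->done = c->other = 0;
    while (pos < n) {
        if (ber_header(buf, n, &pos, &tag, &len) || tag != 0x30) return -1;
        end = pos + len;                /* end of this LDAPMessage SEQUENCE */
        if (ber_header(buf, end, &pos, &tag, &len) || tag != 0x02) return -1;
        pos += len;                     /* skip the messageID INTEGER */
        if (ber_header(buf, end, &pos, &tag, &len)) return -1;
        if (tag == 0x64) c->entries++;          /* SearchResultEntry     [APPLICATION 4]  */
        else if (tag == 0x73) c->references++;  /* SearchResultReference [APPLICATION 19] */
        else if (tag == 0x65) c->done++;        /* SearchResultDone      [APPLICATION 5]  */
        else c->other++;
        pos = end;                      /* also skips any trailing controls */
    }
    return 0;
}

static const unsigned char sample[] = { /* constructed: entry, 2 references, done */
    0x30,0x0d,0x02,0x01,0x02,0x64,0x08,0x04,0x04,'c','n','=','x',0x30,0x00,
    0x30,0x84,0,0,0,0x0f,0x02,0x01,0x02,0x73,0x0a,0x04,0x08,'l','d','a','p',':','/','/','a',
    0x30,0x84,0,0,0,0x0f,0x02,0x01,0x02,0x73,0x0a,0x04,0x08,'l','d','a','p',':','/','/','b',
    0x30,0x0c,0x02,0x01,0x02,0x65,0x07,0x0a,0x01,0x00,0x04,0x00,0x04,0x00,
};

int main(void) {
    struct ldap_counts c;
    if (ldap_classify(sample, sizeof sample, &c)) return 1;
    printf("entries=%d refs=%d done=%d\n", c.entries, c.references, c.done);
    return 0;
}
```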