[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Incompatibilities between 2.1 ldapsearch and 2.3 servers?
Quanah Gibson-Mount wrote:
I thought that the "ldapsearch" binary from any given release should
work with a server running a different release, but this does not
appear to be the case. Our 2.3.24 Linux servers cannot be searched
with a 2.1.25 ldapsearch binary if there are a lot of results. What
we get is:
ldap_result: Can't contact LDAP server (81)
If I use a 2.3 series ldapsearch binary, the search completes without
problem. The ldap server seems to think that the 2.1 binary issued an
UNBIND request:
No, the ldapsearch binary *does* issue an Unbind request once it gets
the error 81. Most likely this is a SASL buffering bug that was fixed
after 2.1.25.
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 fd=376 ACCEPT from IP=
171.67.16.82:48070 (IP=0.0.0.0:389)
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=0 SRCH base="" scope
=0 deref=0 filter="(objectClass=*)"
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=0 SRCH attr=
supportedSASLMechanisms
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=0 SEARCH RESULT tag=
101 err=0 nentries=1 text=
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=1 BIND dn="" method=163
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=1 RESULT tag=97 err=
14 text=
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=2 BIND dn="" method=163
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=2 RESULT tag=97 err=
14 text=
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 BIND dn="" method=163
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 BIND authcid=
"service/registryauditor@stanford.edu" authzid="service/
registryauditor@stanford.edu"
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 BIND dn="cn=
registrydataauditor,cn=service,cn=applications,dc=stanford,dc= edu"
mech=GSSAPI ssf=56
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 RESULT tag=97 err=
0 text=
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=4 SRCH base="dc=
stanford,dc=edu" scope=2 deref=0 filter="(suPrivilegeGroup=stanford:
staff)"
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=4 SRCH attr=suregid
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=5 UNBIND
Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 fd=376 closed
Thoughts?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/