[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
back-ldap problem with Win2000 Active Directory
Hi,
we are currently using slapd with back-ldap to connect to an Active
Directory LDAP server:
client <--> sldap
^
|
v
back-ldap <--> Active Directory
When doing some simple searches (ldapsearch -s one "uid=toto"),
back-ldap crashes with the following message:
slapd: result.c:518: send_search_result: Assertion `!(((0x51) <= (( err
))) && ((( err )) <= (0x61)))' failed.
There is no problem without the "-s one" option.
After some debug, it appears that AD sends some non-standard messages;
in response to the search request, back-ldap gets the following message
(captured with Ethereal):
Search Result:
Result code: 0x09
Matched DN: (null)
Error message: Referral:
ldap://thehost.com/CN=Configuration,DC=thehost,DC=com??base
The result code of 9 is not valid (it is written to be reserved in
RFC2251) but OpenLDAP seems to understand that it is a referal. The
problem is that the URL of the referal is not well parsed; in response
to this search result, back-ldap sends another search request to the AD:
Search Request:
Base DN: CN=Configuration,DC=thehost,DC=com??base
Scope: Single
...
There shouldn't be "??base" in the base DN and the scope should be
"base". Then AD replies with another result code 9 search result but
with a referal to "thehost.com??base" which leads to the slapd crash.
Does anybody knows how to fix this problem?
Thanks.
--
Bertrand Croq - VIRTUAL NET (http://www.virtual-net.fr)
80, avenue des Buttes de Coesmes - 35700 RENNES
tel: +33 2 23 21 06 30 - fax: +33 2 99 38 16 85