hi all! i posted this issue to openldap-software a week ago, but haven't received an answer yet. so i began to debug and search myself and discovered a bug in slapd's handling of LDAP_REQ_EXTENDED requests. i came across this issue, when i tried to change an entry's userpassword attribute with ldappasswd. by mistake i ran ldappasswd with a slave slapd as host argument. instead of sending an LDAP_REFERRAL error code to the client, the slave slapd dies. debugging of version 2.0.21 showed that slapd exits in function send_ldap_response() in result.c on line 289: if ( ref != NULL ) { assert( err == LDAP_REFERRAL ); rc = ber_printf( ber, "t{V}", LDAP_TAG_REFERRAL, ref ); } else { 289 assert( err != LDAP_REFERRAL ); } so, ref is NULL, although the error code is LDAP_REFERRAL. i tracked the error back to the function do_extended() in extended.c, where i came across these lines of code: 151 rc = (ext->ext_main)( conn, op, reqoid, reqdata, &rspoid, &rspdata, &rspctrls, &text, &refs ); if( rc != SLAPD_ABANDON ) { if (rc == LDAP_REFERRAL) { 157 refs = default_referral; } send_ldap_extended( conn, op, rc, NULL, text, refs, rspoid, rspdata, rspctrls ); } in line 151, do_extended() calls (ext->ext_main), in this case passwd_extop() in passwd.c. passwd_extop() correctly returns error code LDAP_REFERRAL, but, although passwd_extop() sets the refs variable to the in slapd.conf configured referral, do_extended() resets refs to default_referral in line 157, thus causing the assertion on line 289 in result.c to fail. the attached patch file is against openldap-2.0.21 and changes line 157 to: if (rc == LDAP_REFERRAL) { 157 refs ? refs : default_referral; } with this patch applied, the recompiled slave slapd correctly answers an ldappasswd request with LDAP_REFERRAL. regards, tom. -- Thomas Hager | "Microsoft is not the answer. Technical Product Development | Microsoft is the question. thomas.hager@1012surf.net | NO is the answer." http://www.telering.at | Erik Naggum.
Attachment:
openldap-slapd-do_extended.patch.gz
Description: GNU Zip compressed data
Attachment:
signature.asc
Description: This is a digitally signed message part