[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Controls handled incorrectly (ITS#2034)




Thanks for that explanation.  Now that I understand the problem a bit
better I found a "correct" solution to the problem that does not involve
patching OpenLDAP.

In the JNDI program, include the following line to prevent the
ManageDSAit control from being sent:

    ldapEnv.put(Context.REFERRAL, "throw");

Cheers.


"Kurt D. Zeilenga" wrote:
> 
> At 11:21 AM 2002-08-20, mortis@ucalgary.ca wrote:
> >Full_Name: Jeremy Mortis
> >Version: 2.0.23
> >OS: Redhat 7.2
> >URL: ftp://ftp.openldap.org/incoming/
> >Submission from: (NULL) (136.159.213.7)
> >
> >When using an LDAP instance with multiple databases, JNDI searches fail.
> >
> >This appears to be due to the fact that JNDI passes the 'manageDSAit' control
> >along,
> >which causes the 'select_backend' routine to choose the wrong database.
> 
> RFC 3296:
>   The client may provide the ManageDsaIT control with an operation
>   to indicate that the operation is intended to manage objects
>   within the DSA (server) Information Tree
> 
> The control, as discussed in RFC 3296, is commonly used to
> manage subordinate referral knowledge.
> 
> By selecting the superior database, slapd is providing access
> to the subordinate referral knowledge associated with the
> baseObject.
> 
> This is not a bug in OpenLDAP, but a bug in JNDI.  Clients
> should only provide the ManageDSAit control when the user
> wants to manage the DSA information tree.
> 
> Kurt

-- ---------------------------------------------------------------
Jeremy Mortis                          
Manager, Web & E-Mail Services                 
University of Calgary Information Technologies, 
2500 University Drive, Calgary, Alberta, Canada T2N 1N4          
Phone (403) 220-4423, Fax (403) 282-9199