[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#4669) Strange `ldapsearch' behaviour
Full_Name: Sriharsha Setty
Version: 2.2.13-4
OS: RHEL 4
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (128.88.255.123)
Hi folks,
ldapsearch utility behaves in a strange way with the following instance
ldap.conf file:
/etc/openldap/ldap.conf
------------------------------------------------------------------------
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
uri ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12
ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12 ldaps://xc0n12
# The distinguished name of the search base.
base o=xc0
# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is "no"
tls_checkpeer yes
# SSL cipher suite
# See man ciphers for syntax
tls_ciphers HIGH:MEDIUM:+SSLv3:RSA
tls_cacert /etc/openssl/xc0-cert.pem
tls_reqcert demand
-----------------------------------------------------------------
With the uri in the above file, it fails to look up each of the uri mentioned.
Instead ,it just looks up localhost:389. Note that the string is 140 chars long
including the key uri and the newline at the end.
Out put of `ldapsearch -x -LLL "(sn=smith)" cn sn telephoneNumber -v -d 7'
============================================
ldap_initialize( <DEFAULT> )
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_is_socket_ready: error on socket 3: errno: 113 (No route to host)
ldap_close_socket: 3
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
[root@xc30on8 ~]#
====================================================
Also, if the total length of the uri line (including the characters uri + a new
line at the end) execeeds 128 characters, the search string is truncated after
that.
It could be that the two of them are related. I am not sure, though.
Thank you,
/harsha