[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7678) Operational Error propagated from back-meta
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7678) Operational Error propagated from back-meta
- From: hyc@symas.com
- Date: Mon, 2 Sep 2013 15:15:43 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
matth@netsight.co.uk wrote:
> Full_Name: Matt Hamilton
> Version: 2.4.36
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (213.133.64.253)
>
>
> I am using the meta backend to query multiple LDAP (AD) backends. This is to
> consolidate several directories in different departments into one. We attempt
> both simple binds with username/password and also anon binds to look up user
> information.
That doesn't make much sense, since AD disallows anonymous Binds.
> At the moment, trying to do an authenticated simple bind to slapd caused an
> Operational Error to be propagated to the client regardless of the setting of
> 'onerr'. Even when a result is successfully found. This is due to one server in
> the backend succeeding and the other returning an operational error due to an
> invalid bind (as would be expected as the credentials supplied from the client
> will only work with one of the backends).
>
> Looking at servers/slapd/back-meta/search.c at around line 1903 it appears that
> the code is not checking for 'Operational Error' as a specific case above and so
> uses the default case (line 1665). Hence sres is set to 'Operational Error' too
> at line 1934.
back-meta/search.c has nothing to do with Binds. Not sure what you're trying
to demonstrate there.
>
> The server should be changing this to LDAP_SUCCESS somewhere in that logic
> unless META_BACK_ONERR_REPORT.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/