[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7678) Operational Error propagated from back-meta
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7678) Operational Error propagated from back-meta
- From: hyc@symas.com
- Date: Sat, 7 Sep 2013 20:53:23 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Matt Hamilton wrote:
> On 2 Sep 2013, at 04:15 PM, Howard Chu <hyc@symas.com> wrote:
>
>> matth@netsight.co.uk wrote:
>>> Full_Name: Matt Hamilton
>>> Version: 2.4.36
>>> OS: Linux
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (213.133.64.253)
>>>
>>>
>>> I am using the meta backend to query multiple LDAP (AD) backends. This is to
>>> consolidate several directories in different departments into one. We attempt
>>> both simple binds with username/password and also anon binds to look up user
>>> information.
>>
>> That doesn't make much sense, since AD disallows anonymous Binds.
>
> Sorry, I wasn't clear. I mean we do both anon and simple binds to OpenLDAP. Hence why the config has credentials in it to use against the backends if not supplied by the client.
>
>>> At the moment, trying to do an authenticated simple bind to slapd caused an
>>> Operational Error to be propagated to the client regardless of the setting of
>>> 'onerr'. Even when a result is successfully found. This is due to one server in
>>> the backend succeeding and the other returning an operational error due to an
>>> invalid bind (as would be expected as the credentials supplied from the client
>>> will only work with one of the backends).
>>>
>>> Looking at servers/slapd/back-meta/search.c at around line 1903 it appears that
>>> the code is not checking for 'Operational Error' as a specific case above and so
>>> uses the default case (line 1665). Hence sres is set to 'Operational Error' too
>>> at line 1934.
>>
>> back-meta/search.c has nothing to do with Binds. Not sure what you're trying to demonstrate there.
>
> I'm not talking about binds there. I'm talking about errors being propagated.
You said, exactly:
>>>
At the moment, trying to do an authenticated simple bind to slapd caused an
Operational Error to be propagated to the client regardless of the setting of
'onerr'.
<<<
So again, are you talking about Bind or are you talking about Search?
I'm unable to reproduce any of the behavior you're describing since the config
snippets you provided reference servers that are private to your network. Nor
do I have any local AD servers to test against. Nor have you given exact
details of the client side commands being issued.
With so little ungarbled information to go on, we cannot investigate.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/