[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Searchbase Bug in slapd?

To: "Jim Hud" <jdhz@btinternet.com>
Subject: Re: Searchbase Bug in slapd?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 07 Oct 2000 17:56:05 -0700
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <002901c030b7$8d772cc0$4e42a8c0@dhntnbook>

At 11:33 PM 10/7/00 +0000, Jim Hud wrote:
>If I use Outlook to run a search against slapd (which has defaultsearchbase
>configured) I get data back OK.

You've demonstrated that the defaultSearchBase kludge works for
clients which don't send an appropriate search base.

>If I then configure the Outlook search base
>to the correct base (same as set in defaultsearchbase) I still get data
>back, OK so far.

You've demonstrated that slapd responds with a properly configured
client.

>However when I clear the Outlook search base to nothing I
>get no data back from slapd.

This is correct behavior for a server which doesn't hold the
root namingContext (or doesn't have a defaultSearchBase set).
If slapd cannot locate the base of the search, it cannot
return any entries.

>In fact the logs appear to say that Outlook is
>giving a base of "c=UK".

If the client requests "c=UK" and "c=UK" doesn't hold "c=UK", it
cannot return "c=UK".

>Restarting slapd makes no difference, nor does
>rebooting the slapd machine.  Looks like an Outlook problem doesn't it.
>
>BUT if I then do the same but instead of slapd I use an MS Exchange LDAP
>server then it resets OK.

What resets?  Outlook?  That's its business.

>Also if I create a new directory account on
>Outlook with no searchbase set it does not work until I stop and restart
>slapd.

You likely changed something, like setting a defaultSearchBase, to
change slapd behavior.

>My theory is that the logic of dealing with null search bases is wrong
>somewhere.

Some clients expect servers to somehow guess at what they mean
when given an empty search base.  However, LDAP/X.500 prescribes
this behavior quite clearly.  If the server is not configured
to hold the root namingContext, it cannot return any entries
for a subtree or one-level search when an empty base DN (if
scope is base, the RootDSE is returned).

defaultSearchBase can be used to purposely break LDAP/X.500
semantics and specify a defaulting to some DN.  Whether you
use this mechanism or not is your choice.

Kurt

Follow-Ups:
- Re: Searchbase Bug in slapd?
  - From: "Jim Hud" <jdhz@btinternet.com>

References:
- Searchbase Bug in slapd?
  - From: "Jim Hud" <jdhz@btinternet.com>

Prev by Date: RE: Why does slapd need a searchbase?
Next by Date: Re: Why does slapd need a searchbase?
Index(es):
- Chronological
- Thread