Re: following referrals by proxy produced error (more info included)
I installed OpenLDAP 2.0.7 on three fresh OpenLinux 2.3 boxes for
"dc=top,dc=com", "dc=next,dc=top,dc=com", and a proxy.

I submit a search query with base specified as "dc=top,dc=com"
to the proxy, which in turn queries the real directory "dc=top,dc=com".
However, the real directory "dc=top,dc=com" contains a reference to
"dc=next,dc=top,dc=com"; the proxy follows it and searches the referred
directory. However, the proxy still submits the search query with base
"dc=top,dc=com" to the sub-directory "dc=next,dc=top,dc=com" and
gets result 32: No such object.

Then the proxy returns some data entries obtained from the
top directory plus the Result 32, and my LDAP client (Outlook)
just reports no entries match my search criteria.

I tried to submit a search without base to the proxy, which has
the defaultsearchbase "dc=top,dc=com"; the same happens.

If I remove the defaultsearchbase from the proxy and submit
a query without searchbase, the proxy immediately responds
with result 32.

(1) Below is the Root "dc=top,dc=com"

dn: dc=top,dc=com
objectClass: dcObject
objectClass: organization
o: top-com
dc: top

dn: dc=next,dc=top,dc=com
objectClass: referral
objectClass: extensibleObject
dc: next
ref: ldap://172.15.3.28/dc=next,dc=top,dc=com

dn: cn=philipcheng,dc=top,dc=com
o: HK House
mail: philipcheng@top.com
cn: philipcheng
sn: philipcheng
objectClass: top
objectClass: person
objectClass: inetorgperson

dn: cn=Philip CHAN,dc=top,dc=com
o: next on top-com
mail: philchan@top.com
cn: Philip CHAN
sn: CHAN
objectClass: top
objectClass: person
objectClass: inetorgperson

(2) Below is "dc=next,dc=top,dc=com"

dn: dc=next,dc=top,dc=com
objectclass: dcObject
objectclass: organization
o: next-top-com
dc: next

dn: cn=Eric CHAU,dc=next,dc=top,dc=com
o: next-top-com
mail: ericchau@next.top.com
cn: Eric CHAU
sn: CHAU
objectClass: top
objectClass: person
objectClass: inetorgperson

dn: cn=Philip CHAN,dc=next,dc=top,dc=com
o: next-top-com
mail: philchan@next.top.com
cn: Philip CHAN
sn: CHAN
objectClass: top
objectClass: person
objectClass: inetorgperson

(3) Below is the slapd.conf of the proxy

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
sizelimit 1000
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
defaultsearchbase "dc=top,dc=com"
database ldap
uri ldap://172.15.207.10
suffix "dc=top,dc=com"
Regards,
Philip
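
The referral chase described in the message above, as an added example that is not part of the original post and not OpenLDAP code: it parses the `ref:` URL from listing (1) and shows result 32 when the original base is reused, versus the entries returned when the DN from the referral URL becomes the new base, which is how RFC 4511 tells a client to continue. The in-memory `SERVERS` table, the function names and the simplified DN comparison are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, unquote

NO_SUCH_OBJECT = 32  # result code reported in the post

# Constructed stand-in for the two real servers, holding the DNs from the post.
SERVERS = {
    "172.15.207.10": ["dc=top,dc=com", "cn=philipcheng,dc=top,dc=com",
                      "cn=Philip CHAN,dc=top,dc=com"],
    "172.15.3.28": ["dc=next,dc=top,dc=com",
                    "cn=Eric CHAU,dc=next,dc=top,dc=com",
                    "cn=Philip CHAN,dc=next,dc=top,dc=com"],
}

def norm(dn):
    # Simplified DN normalisation (assumes no escaped commas in RDN values).
    return ",".join(part.strip().lower() for part in dn.split(","))

def search(host, base):
    """Subtree search on a simulated server: (result_code, matching DNs)."""
    entries, b = SERVERS[host], norm(base)
    if b not in [norm(dn) for dn in entries]:
        return NO_SUCH_OBJECT, []
    return 0, [dn for dn in entries
               if norm(dn) == b or norm(dn).endswith("," + b)]

def referral_target(ref_url, original_base):
    """Host and base DN to use for the follow-up search of a referral."""
    url = urlsplit(ref_url)
    if url.scheme != "ldap" or not url.hostname:
        raise ValueError("unsupported referral URL: %r" % ref_url)
    dn = unquote(url.path.lstrip("/"))
    # A DN in the referral URL replaces the base of the original request;
    # only a URL without a DN keeps the original base.
    return url.hostname, dn or original_base

def chase(ref_url, original_base, rewrite_base=True):
    """Follow one referral; rewrite_base=False reproduces the reported behaviour."""
    host, base = referral_target(ref_url, original_base)
    return search(host, base if rewrite_base else original_base)

if __name__ == "__main__":
    ref = "ldap://172.15.3.28/dc=next,dc=top,dc=com"  # ref: value from the post
    print(chase(ref, "dc=top,dc=com", rewrite_base=False))
    print(chase(ref, "dc=top,dc=com"))
```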