Hi everybody
I am trying to fix an authentication plugin for openvpn using the
openldap library. I am new to the library, so I may lack some understanding.
Here is the situation
The openldap version is 2.3.27
If I try to find a user with a base dn of
"ou=mnd999,dc=asp,dc=ruf,dc=ch"
which is the correct base dn for this user, the operation works correctly.
If I just use "dc=asp,dc=ruf,dc=ch"
the operation times out. I am using subtree search and I can see on a
packet dump on the line that there is a reply from the ldap server.
The difference between the replies is that in the case of the correct DN
just a search entry and a search result message is returned, whereas in
the case of the incomplete DN a search entry, a number of search result
references end a search result are returned. In both cases, the search
result yields success.
The code calls
if ((err = ldap_search_ext_s(ldapConn, [base cString],
LDAP_SCOPE_SUBTREE, [filter cString], attrArray, 0, NULL, NULL,
&timeout, 5000, &res)) != LDAP_SUCCESS) {
[TRLog error: "LDAP search failed: %d: %s", err,
ldap_err2string(err)];
goto finish;
}
This call times out and returns -5.
I can provide tcpdump files if needed.
Thanks
Erich
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature