Hi, everyone:

Recently I hit a strange problem.

If referral is disabled, our printer can do LDAP queries without any problem. However, if the referral option is enabled, and the server is pointed to some ADS, which at the same time is a domain server, the search will fail.

Looking at the network trace, I found the initial search is successful, and the result is bounced back from the server. However, in the result packet, there are three pieces of referral information:

=================
ldap://ForestDnsZones.otsg.crmt.801/DC=ForestDnsZones,DC=otsg,DC=crmt,DC=801
ldap://DomainDnsZones.otsg.crmt.801/DC=DomainDnsZones,DC=otsg,DC=crmt,DC=801
ldap://otsg.crmt.801/CN=Configuration,DC=otsg,DC=crmt,DC=801
=================

This will lead to 3 following anonymous searches, which will fail. The error is "000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1771". However, the error code is 85 in the log, meaning LDAP_TIMEOUT.

A side note is that the failure is not constant. Intermittently, the query will be successful:

=================
<distribution> (Thu Dec 11 2008 07:09:56.653) <p11044,t830493920,aba_ldap_interface.c,5684> INFO>> Value of referalsEnabled 1
......
<distribution> (Thu Dec 11 2008 07:09:56.653) <p11044,t830493920,aba_ldap_interface.c,1272> INFO>> ENABLING REFERALS
......
<distribution> (Thu Dec 11 2008 07:09:57.246) <p11044,t830493920,aba_ldap_interface.c,1765> INFO>> value of search string in LDAPLIB (cn=earl*)
......
<distribution> (Thu Dec 11 2008 07:09:57.616) <p11044,t830493920,aba_ldap_interface.c,2691> INFO>> Found 1 Entries and 3 References
......
<distribution> (Thu Dec 11 2008 07:09:57.632) <p11044,t830493920,aba_ldap_interface.c,3496> enter>> add_ldap_results_record
<distribution> (Thu Dec 11 2008 07:09:57.632) <p11044,t830493920,aba_ldap_interface.c,3509> INFO>> Size of list 1
<distribution> (Thu Dec 11 2008 07:09:57.632) <p11044,t830493920,aba_ldap_interface.c,3510> return>> add_ldap_results_record
<distribution> (Thu Dec 11 2008 07:09:57.632) <p11044,t830493920,aba_ldap_interface.c,3176> INFO>> successfully added ldap record
=================

This is the expected correct behavior, but it is only intermittent.

It seems less likely that the server is doing something wrong, because it is all right when I use the third-party tool "LDAP Admin" with referral enabled. And, if the server is pointed to another ADS which is not a DNS server, it works well with the option enabled.

Has anyone had the same experience as I have? And any suggestions?

Looking forward to help,
Xu Qiang

_______________________________________________
dev-tech-ldap mailing list
https://lists.mozilla.org/listinfo/dev-tech-ldap
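An added example, not part of the original post or of the printer's code: one way a client could classify each search-result reference before chasing it, so that a re-bind only sends credentials to hosts inside the directory's own DNS domain. It assumes the search only needs user entries, so references into the DNS application partitions and the Configuration naming context are skipped; every function and enum name is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp, strncasecmp (POSIX) */

/* All names below are hypothetical; none come from the original post. */
enum ref_action { REF_SKIP_UNPARSED, REF_SKIP_UNTRUSTED, REF_SKIP_PARTITION, REF_CHASE_REBIND };
/* Assumption: the search wants user entries, which these naming contexts do not hold. */
static const char *const non_user_nc[] = {
    "DC=ForestDnsZones,", "DC=DomainDnsZones,", "CN=Configuration," };

/* 1 if host equals domain or is a subdomain of it (case-insensitive). */
static int host_in_domain(const char *host, const char *domain)
{
    size_t h = strlen(host), d = strlen(domain);
    if (h == d) return strcasecmp(host, domain) == 0;
    return h > d && host[h - d - 1] == '.' && strcasecmp(host + h - d, domain) == 0;
}

/* Classify one "ldap://host[:port]/dn" reference; unparsable input fails closed. */
enum ref_action classify_ref(const char *url, const char *trusted_domain)
{
    char host[256];
    const char *p, *dn;
    size_t n, i;
    if (strncasecmp(url, "ldap://", 7) != 0) return REF_SKIP_UNPARSED;
    p = url + 7;
    dn = strchr(p, '/');
    n = strcspn(p, ":/");                 /* host ends at the port or the DN */
    if (dn == NULL || n == 0 || n >= sizeof host) return REF_SKIP_UNPARSED;
    memcpy(host, p, n);
    host[n] = '\0';
    dn++;                                 /* step past '/' to the base DN */
    if (!host_in_domain(host, trusted_domain)) return REF_SKIP_UNTRUSTED;
    for (i = 0; i < sizeof non_user_nc / sizeof non_user_nc[0]; i++)
        if (strncasecmp(dn, non_user_nc[i], strlen(non_user_nc[i])) == 0)
            return REF_SKIP_PARTITION;
    return REF_CHASE_REBIND;              /* caller re-binds before searching */
}

int main(void)
{
    const char *refs[] = {                /* the three references quoted in the post */
        "ldap://ForestDnsZones.otsg.crmt.801/DC=ForestDnsZones,DC=otsg,DC=crmt,DC=801",
        "ldap://DomainDnsZones.otsg.crmt.801/DC=DomainDnsZones,DC=otsg,DC=crmt,DC=801",
        "ldap://otsg.crmt.801/CN=Configuration,DC=otsg,DC=crmt,DC=801" };
    for (int i = 0; i < 3; i++)
        printf("%d  %s\n", classify_ref(refs[i], "otsg.crmt.801"), refs[i]);
    return 0;
}
```

With the trusted domain set to otsg.crmt.801, all three references from the post are classified as skippable partitions, so none of them would trigger an anonymous follow-up search.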
