Srivastava, Dipti wrote:
Hi Rich,
We have been doing further investigation of this issue and have the found the
following:
By default the Mozilla c-sdk chases the referrals automatically and I should
expect to see a SEARCH_REFERENCE in the LDAP result. We do not process this and
let the library handle it automatically.
We have written a call back for provide the bind user information so the
referrals can be chased by an authenticated user.
Now, when we issue a query which is expected to return >1000 records from
Active directory, but stops at only 1000 records we always notice that there is a
SEARCH_REFERENCE tacked at the end of the LDAP result sequence. This I believe can
be due to only 2 reasons:
- One that the referral chasing is turned off
- Second that an error was encountered while trying to chase the referral automatically.
We suspect the 2nd case due to previous experience with the following issue
with Mozilla c-sdk
- Which not support referrals that use a domain name rather than a host
name as a reference. When Active Directory automatically configures referrals
(such as when a trust or parent/child domain relationship is created), it uses
a domain name in the referral.
The customer has referrals that use the DDNS name and not the fully qualified
hostname.
So when this error occurs the LDAP result sequence gets corrupted in such a way
that the client cannot ascertain the right cookie for the paged search.
Please post your comments on the above issue.
So what is the bug here exactly? The LDAP C SDK corrupts the result
sequence if an error is encountered during automatic referral chasing?
Also, to test that chasing referrals was causing the problem with the paged
search we wrote a sample program to run on the customer site and which allowed
them to turn OFF referral chasing and now we were able to complete a paged
search and retrieve several thousand records.
Regards,
Dipti
-----Original Message-----
From: Rich Megginson [mailto:[email protected]]
Sent: Monday, April 13, 2009 5:39 PM
To: Srivastava, Dipti
Cc: [email protected]; [email protected]; Gatfield, Geoffrey;
[email protected]
Subject: Re: Upgrade to c-sdk 6.04 results in inabilty to page results from
Active Directory
Srivastava, Dipti wrote:
We tried the Ldp.exe, a windows utility it works fine. Also, the c-sdk 5.08 is
able to get us the paged results.
We have not tried the OpenLdap tools.
Does your code handle all of SEARCH_RESULT, SEARCH_ENTRY, and
SEARCH_REFERENCE? Would it be possible for you to post excerpts of your
code?
Thanks,
Dipti
-----Original Message-----
From: Rich Megginson [mailto:[email protected]]
Sent: Monday, April 13, 2009 5:30 PM
To: Srivastava, Dipti
Cc: [email protected]; [email protected]; Gatfield, Geoffrey;
[email protected]
Subject: Re: Upgrade to c-sdk 6.04 results in inabilty to page results from
Active Directory
Srivastava, Dipti wrote:
Hi Rich,
Thanks for responding. Yes this issue is related to the query by Geoff on the
newsgroup, but my question is regarding paging the searches, today we found
that if change the search filter from (objectClass = person) to (objectClass =
*) we could page for the same test setup.
What code are you using? The mozldap cmd line tools do not support
simple paged results, but the OpenLDAP tools do - have you tried using
the openldap ldapsearch to see what happens?
Thanks,
Dipti
-----Original Message-----
From: Rich Megginson [mailto:[email protected]]
Sent: Monday, April 13, 2009 3:18 PM
To: Srivastava, Dipti
Cc: [email protected]; [email protected]; Gatfield, Geoffrey;
[email protected]
Subject: Re: Upgrade to c-sdk 6.04 results in inabilty to page results from
Active Directory
Srivastava, Dipti wrote:
Hi Anton and Rich,
Recently we moved from version 5.08 c-sdk to a more recent version
6.04, while investigating a crash when the 5.08 s-sdk was trying to
chase a referral that was more than 2 hops.
We saw that the latest code for c-sdk had a fix for this and thus
upgraded to the newer version. But after doing that, we stopped paging.
The Active Directory configuration is the same as before and with the
version 5.08 libraries the paging occurs fine.
Would you be able to lend us some insight as to how to go about
investigating this issue further?
Geoffrey reported the issue on the newsgroup and thought it might have
something to do with search references:
"The only thing unusual is that the last
entry in the chain is a search reference. Are there any known problems
handling search references?"
Not that I know of. It's possible something broke between 5.x and 6.x,
but nothing I'm aware of.
Thanks and Regards,
Dipti
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
