I remember Michael has said referral does not work well in LDAP v3 servers.
Btw, I am interested in how you set the callback functions to ensure proper user credential is used. > -----Original Message----- > From: > [email protected] > > [mailto:[email protected] > illa.org] On Behalf Of Rich Megginson > Sent: Friday, April 17, 2009 3:41 AM > To: Srivastava, Dipti > Cc: [email protected]; Gatfield, Geoffrey; > [email protected] > Subject: Re: Upgrade to c-sdk 6.04 results in inabilty to > page results from Active Directory > > Srivastava, Dipti wrote: > > Hi Rich, > > We have been doing further investigation of this issue and > have the found the following: > > By default the Mozilla c-sdk chases the referrals > automatically and I should expect to see a SEARCH_REFERENCE > in the LDAP result. We do not process this and let the > library handle it automatically. > > We have written a call back for provide the bind user > information so the referrals can be chased by an authenticated user. > > Now, when we issue a query which is expected to return > >1000 records from Active directory, but stops at only 1000 > records we always notice that there is a SEARCH_REFERENCE > tacked at the end of the LDAP result sequence. This I believe > can be due to only 2 reasons: > > - One that the referral chasing is turned off > > - Second that an error was encountered while trying to > chase the referral automatically. > > > > We suspect the 2nd case due to previous experience with the > following > > issue with Mozilla c-sdk > > > > - Which not support referrals that use a domain name rather than a > > host name as a reference. When Active Directory > automatically configures referrals (such as when a trust or > parent/child domain relationship is created), it uses a > domain name in the referral. > > > > The customer has referrals that use the DDNS name and not > the fully qualified hostname. > > > > So when this error occurs the LDAP result sequence gets > corrupted in such a way that the client cannot ascertain the > right cookie for the paged search. > > > > Please post your comments on the above issue. > > > So what is the bug here exactly? The LDAP C SDK corrupts the > result sequence if an error is encountered during automatic > referral chasing? > > Also, to test that chasing referrals was causing the > problem with the paged search we wrote a sample program to > run on the customer site and which allowed them to turn OFF > referral chasing and now we were able to complete a paged > search and retrieve several thousand records. > > > > Regards, > > Dipti > > > > -----Original Message----- > > From: Rich Megginson [mailto:[email protected]] > > Sent: Monday, April 13, 2009 5:39 PM > > To: Srivastava, Dipti > > Cc: [email protected]; [email protected]; Gatfield, > > Geoffrey; [email protected] > > Subject: Re: Upgrade to c-sdk 6.04 results in inabilty to > page results > > from Active Directory > > > > Srivastava, Dipti wrote: > > > >> We tried the Ldp.exe, a windows utility it works fine. > Also, the c-sdk 5.08 is able to get us the paged results. > >> We have not tried the OpenLdap tools. > >> > >> > > Does your code handle all of SEARCH_RESULT, SEARCH_ENTRY, and > > SEARCH_REFERENCE? Would it be possible for you to post excerpts of > > your code? > > > >> Thanks, > >> Dipti > >> > >> -----Original Message----- > >> From: Rich Megginson [mailto:[email protected]] > >> Sent: Monday, April 13, 2009 5:30 PM > >> To: Srivastava, Dipti > >> Cc: [email protected]; [email protected]; Gatfield, > >> Geoffrey; [email protected] > >> Subject: Re: Upgrade to c-sdk 6.04 results in inabilty to page > >> results from Active Directory > >> > >> Srivastava, Dipti wrote: > >> > >> > >>> Hi Rich, > >>> Thanks for responding. Yes this issue is related to the > query by Geoff on the newsgroup, but my question is regarding > paging the searches, today we found that if change the search > filter from (objectClass = person) to (objectClass = *) we > could page for the same test setup. > >>> > >>> > >>> > >> What code are you using? The mozldap cmd line tools do > not support > >> simple paged results, but the OpenLDAP tools do - have you tried > >> using the openldap ldapsearch to see what happens? > >> > >> > >>> Thanks, > >>> Dipti > >>> > >>> -----Original Message----- > >>> From: Rich Megginson [mailto:[email protected]] > >>> Sent: Monday, April 13, 2009 3:18 PM > >>> To: Srivastava, Dipti > >>> Cc: [email protected]; [email protected]; Gatfield, > >>> Geoffrey; [email protected] > >>> Subject: Re: Upgrade to c-sdk 6.04 results in inabilty to page > >>> results from Active Directory > >>> > >>> Srivastava, Dipti wrote: > >>> > >>> > >>> > >>>> Hi Anton and Rich, > >>>> > >>>> Recently we moved from version 5.08 c-sdk to a more > recent version > >>>> 6.04, while investigating a crash when the 5.08 s-sdk > was trying to > >>>> chase a referral that was more than 2 hops. > >>>> > >>>> We saw that the latest code for c-sdk had a fix for this > and thus > >>>> upgraded to the newer version. But after doing that, we > stopped paging. > >>>> > >>>> The Active Directory configuration is the same as before > and with > >>>> the version 5.08 libraries the paging occurs fine. > >>>> > >>>> Would you be able to lend us some insight as to how to go about > >>>> investigating this issue further? > >>>> > >>>> > >>>> > >>>> > >>> Geoffrey reported the issue on the newsgroup and thought it might > >>> have something to do with search references: > >>> "The only thing unusual is that the last entry in the chain is a > >>> search reference. Are there any known problems handling search > >>> references?" > >>> > >>> Not that I know of. It's possible something broke > between 5.x and > >>> 6.x, but nothing I'm aware of. > >>> > >>> > >>> > >>>> > >>>> > >>>> Thanks and Regards, > >>>> > >>>> Dipti > >>>> > >>>> > >>>> > >>>> > >>> > >>> > >>> > >> > >> > >> > > > > > > > > > > _______________________________________________ > dev-tech-ldap mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-ldap > _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
