-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dieter beat me to the punch on citing RFC 4511 as the authoritative source for information. However, it doesn't really give guidelines on what result code to return for this (or any) situation. Appendix A of the same RFC also gives short descriptions of the result codes, breaking them down into "Non-Error Result Codes" and "Result Codes". Code 32 falls into the latter. Since that group is not "Non-Error", I would tend to interpret it to mean that those codes *are* errors. Not finding what you were searching for is not, in my opinion, a protocol error. To return an error code for a successful search operation doesn't seem right to me. Every LDAP directory I've worked with returns a Success (0) for an empty search result. -paul - -- Paul D. Engle | Rice University Sr. Systems Adminstrator, RHCE | Information Technology - MS119 713-348-4702 | PO Box 1892 [EMAIL PROTECTED] | Houston, TX 77251-1892 - --On Wednesday, October 15, 2008 12:22 PM -0400 "Agarwal, Sharad" <[EMAIL PROTECTED]> wrote: > Thanks Joe. Appreciate your patience. > > Is there some kind of authoritative source I could cite when I have this > discussion with the LDAP administrators? They are just telling me that > the application should handle the error and that LDAP Error 32 is 'No > Such Object'. And since there is no (uid=foo) object, it is standards > compliant behavior for the server to return LDAP Error 32. > > Thanks, > Sharad > > -----Original Message----- > From: joe [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 15, 2008 12:19 PM > To: Agarwal, Sharad; [EMAIL PROTECTED]; [email protected] > Subject: RE: [ldap] Re: LDAP Error 32 v/s Empty Result Set > > Good example. I would say the LDAP server was sending back a > non-standard > response for that situation then. > > joe > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -----Original Message----- > From: Agarwal, Sharad [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 15, 2008 12:17 PM > To: joe; [EMAIL PROTECTED]; [email protected] > Subject: RE: [ldap] Re: LDAP Error 32 v/s Empty Result Set > > Hi Joe, > > Thank you for elaborating on that. > > I think I was asking too generic a question. Here are two specific > queries > to the Oracle Virtual Directory server, both using the same bind > information. One succeeds, the other fails. The only difference between > the > two is that one is searching for (uid=vgnadmin) and the other for > (uid=foo). > > Query: > ~~~~ > String searchBase = "ou=People,dc=fmr,dc=com"; > String searchFilter = "(uid=vgnadmin)"; //WORKS ~~~~ > > Output: > ~~~~ > LDAPEntry: uid=vgnadmin,ou=People,dc=fmr,dc=com; LDAPAttributeSet: > LDAPAttribute: {type='cn', value='vgnadmin, VDS'} ~~~~ > > Query: > ~~~~ > String searchBase = "ou=People,dc=fmr,dc=com"; > String searchFilter = "(uid=foo)"; //FAILS ~~~~ > > Output: > ~~~~ > Error: LDAPException: No Such Object (32) No Such Object > LDAPException: Server Message: LDAP Error 32 : No Such Object ~~~~ > > -----Original Message----- > From: joe [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 15, 2008 11:27 AM > To: Agarwal, Sharad; [EMAIL PROTECTED]; [email protected] > Subject: RE: [ldap] Re: LDAP Error 32 v/s Empty Result Set > > Does a base level search with a filter of objectclass=* return the base > object or does it return an error? Alternately if you change your filter > to > objectclass=* and leave the rest of the query the same does it work? > > I could this being a problem with your search base as well as the DN > specified for the uniqueMember match. Either of which not existing or > you > not having access rights to see them. > > joe > > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Agarwal, > Sharad > Sent: Wednesday, October 15, 2008 11:10 AM > To: [EMAIL PROTECTED]; [email protected] > Subject: [ldap] Re: LDAP Error 32 v/s Empty Result Set > > Thanks Adam. > > My apologies, I should have been more clear on that front. Both the > searchBase and bind information is valid. The only thing out of order > (if we > can call it that) is that the search is for something that does not > exist. > Put another way, we are searching for an item that does not exist in the > searchBase. > > If the standard behavior for an LDAP server is to NOT give an error, can > you > please point me to an authoritative source that I could cite to the LDAP > administrators? > > Thanks, > Sharad > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Adam > Tauno Williams > Sent: Wednesday, October 15, 2008 11:04 AM > To: [email protected] > Subject: [ldap] Re: LDAP Error 32 v/s Empty Result Set > >> Is it standard behavior for an LDAP server to respond with (LDAP Error >> 32) when a query is run that has no match? > > I suppose, if the specified searchBase does not exist or potentially if > the > simple bind fails (the latter isn't "correct" AFAIK, but I've seen it in > the > wild). > >> I tried a zero result query with the embedded LDAP Server (that comes >> with WebLogic). This query does not return LDAP Error 32, it just >> returns an empty result set. >> >> Code snippet: >> ~~~~ >> int ldapVersion = LDAPConnection.LDAP_V3; >> int ldapPort = 27001; >> String ldapHost = "fesbosbgdd33v3"; >> String loginDN = >> "uid=vgnadmin,ou=people,ou=VgnLDAPRealm,dc=vgndomain"; >> String password = "password masked"; >> String searchBase = "ou=groups,ou=VgnLDAPRealm,dc=vgndomain"; >> String searchFilter = >> > "(&(uniquemember=cn=Administrators,ou=groups,ou=VgnLDAPRealm,dc=vgndomai >> n)(objectclass=groupOfUniqueNames))"; >> ~~~~ > > -- > Consonance: an Open Source .NET OpenGroupware client. > Contact:[EMAIL PROTECTED] > http://freshmeat.net/projects/consonance/ > > > > > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFI9kcvCpkISWtyHNsRAu5SAJ908yiy3cT0Qq90DVWtJwjznWbl5gCgxiNb OUXuaW4Y1rl84cqp+eWMUw4= =ewtM -----END PGP SIGNATURE-----
