Agarwal, Sharad wrote:
"Michael Ströder" <[EMAIL PROTECTED]> wrote:
So I'd be interested which LDAP clients the original poster is
working with and which problems he experienced.
WebLogic is the application in question. WebLogic allows us to define Authenticators (code that connects to the LDAP server). Once an Authenticator is defined, WebLogic offers a UI where all users and groups can be listed.
The group listing fails because of some code in WebLogic that tries to find the
description of a group. They have a generic function getdescription() that is
used for both users and groups. It ends up searching for the group in the user
base DN. And our LDAP returns an Error 32.
As far as I can tell, WebLogic should not be searching for the group in the
user context. But it is doing that. By the same token, the LDAP should not
return LDAP Error 32. But it is doing that. And, together, the twain are
resulting in the user seeing a stack trace instead of the Group listing.
Looking back to the request's base:
String searchBase = "ou=groups,ou=VgnLDAPRealm,dc=vgndomain";
if the ou=groups,ou=VgnLDAPRealm,dc=vgndomain branch does not exist in your
LDAP DIT, then you will get a NoSuchObject resultcode.
Your LDAP server is compliant if you get this result.
This puts me in a tough predicament. Both parties have a plausible argument.
WebLogic complains that the LDAP is not standards compliant. And LDAP complains
that WebLogic should not search for groups in the user DN. And if it does, it
should handle/ignore the error.
Now the funiest part : WebLogic and Oracle Virtual Directory (AFAIR,
OctetString product) ar _both_ Oracle products ;) Either Oracle or
Oracle is not compliant somewhere...
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
