Mark H. Wood writes: > WebLogic has a problem which is independent of the LDAP service's > behavior: it is searching the wrong context. If this is not the > result of misconfiguration by the customer, then they should fix that. > I would simply refuse *any* arguments concerning the LDAP response to > an incorrect query until the query is corrected. I would keep > pointing to the error in WebLogic until it is acknowledged.
Sorry, no. It's irritating but normal for LDAP clients to try several searches until one succeeds, and to not offer a way to turn off searches that the user knows will find nothing. Furthermore "no such object" can mean user misconfiguration - "you must point the group base DN at an actual entry" while no search results is normal. Assuming that group DN is actually configured and necessary, of course. I've lost track of this discussion a bit, but anyway: Possibly it would help to point the group DN at the parent entry so that a search for the "group" will find users too. Depends on whether group searches use subtree scope and filter for groups. -- Hallvard
