On Thursday 18 December 2008 01:24:11 Pierangelo Masarati wrote:
> Matt Kowske wrote:
> > Thank you. Could you provide an example of this functionality with
> > ldapsearch?
> >
> > ldapsearch -x -v -H "dc%3Ddomain%2Cdc%3Dcom" -b
> > "CN=Users,DC=domain,DC=com" -D "CN=Matt Kowske,CN=Users,DC=domain,DC=com"
> > -W "samaccountname=mkowske"
> >
> > Could not parse LDAP URI(s)=dc%3Ddomain%2Cdc%3Dcom (3)
> >
> > This is ldap version 2.4.11. I (tried) to look at the code, and
> > found the section of code in common.c where it is erroring out, but
> > couldn't determine much beyond that. Why is the above not being
> > recognized as a DN? It should not be parsed as a URI according to the man
> > page.
>
> The man page says: "if no host/port is specified, but a DN is...". It
> means that:
>
> - you must provide a(n RFC 45) LDAP URI
>
> - it must contain no host/port
>
> - it must contain a DN
>
> yours is not a LDAP URI. Try something like "ldap:///dc=domain,dc=com".
>
> The 2.4 client tools have been modified to support this feature.
> However, they use libldap to perform this. See clients/tools/common.c,
> the calls to ldap_dn2domain(3) and ldap_domain2hostlist(3) calls (I
> don't think they actually have a man page...). Those calls are
> available in libldap since 2.0, I believe, in 2000.

Is there a reason this isn't implemented in the library?

As far as I understand, at present only the OpenLDAP utilities will work with this URI, while if it were implemented in the library, other LDAP clients using the OpenLDAP library which don't already support a similar feature (sudo is the best example I can think of in this case, though various other desktop software could benefit) would get it for free?

(nss_ldap has its own implementation of this feature, but the configuration is different and probably not compatible with sudo if sudo uses the nss_ldap configuration file).

Regards,
Buchan
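
The check and mapping discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP's code: it accepts only an LDAP URI with no host/port and a DN, then derives the DNS SRV name a client would query. The function names are hypothetical, and taking the trailing run of dc= RDNs is a simplifying assumption about how the DN maps to a domain.

```python
import re
from urllib.parse import urlsplit, unquote


def dn_from_ldap_uri(uri):
    """Return the DN of a host-less LDAP URI, or raise ValueError."""
    parts = urlsplit(uri)
    if parts.scheme.lower() not in ("ldap", "ldaps"):
        # A bare, percent-encoded DN has no scheme, so it is not a URI.
        raise ValueError("not an LDAP URI: %r" % uri)
    if parts.netloc:
        raise ValueError("URI names a host/port, no DNS discovery applies")
    dn = unquote(parts.path.lstrip("/"))
    if not dn:
        raise ValueError("URI carries no DN")
    return dn


def dn_to_domain(dn):
    """Map dc= RDNs to a DNS domain (assumption: trailing dc= run only)."""
    labels = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() in ("dc", "domaincomponent"):
            labels.append(value.strip())
        else:
            labels = []  # a non-dc RDN (e.g. CN=Users) restarts the run
    if not labels:
        raise ValueError("DN has no dc= components: %r" % dn)
    return ".".join(labels)


def srv_query_for(uri):
    """SRV owner name to resolve for a host-less LDAP URI."""
    return "_ldap._tcp." + dn_to_domain(dn_from_ldap_uri(uri))


if __name__ == "__main__":
    # Constructed inputs taken from the thread: the rejected -H value
    # and the suggested replacement.
    for candidate in ("dc%3Ddomain%2Cdc%3Dcom", "ldap:///dc=domain,dc=com"):
        try:
            print(candidate, "->", srv_query_for(candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```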
