On 04/02/2013 19:34, Philip Guenther wrote: > On Mon, 4 Feb 2013, Quanah Gibson-Mount wrote: >> --On Monday, February 04, 2013 11:55 AM +0000 Chris Palmer >> <[email protected]> wrote: > ... >>> But: updates to B, *with* spaces in the DN, are referred to A where they >>> fail with error 32. The client (using Novell jldap 2009.10.07) does not >>> report an error, and of course the change is not replicated. >>> >>> The MOD to B appears in ldap.log as dn="cn=first second,ou=.......". >>> Note the space between the two words of the CN. (This is also how MODs >>> sent directly to A appear, which do get correctly processed). >>> >>> A network trace shows B generating a referral to A of the form: >>> ldap://instanceA:389/cn=first%20second,ou=..... >>> >>> The MOD referral to A appears in A's ldap.log as >>> dn="cn=first%20second,ou=....." with err=32. >>> >>> I'm at a loss to know where to go from here, or even which component is >>> at fault. Can anyone help? >> Well, %20 is just the space encoded, which I would think would be OK. >> Do you hit the same issue if you use UnboundID's SDK rather than JLDAP?
I've just had a quick look at the UnboundID SDK, and it does look much better than JLDAP. The API is of course rather different, so I will have to do a test case and then port the program. It's about 7 years old, and at the time JLDAP seemed a reasonable choice... > It sounds to me like OpenLDAP is returning the correct URL in the > referral, but when Novell's jldap processes the referral it is failing to > decode the percent-encoding when generating the new request to the > referred-to server, as percent-encoding is not used (of course) in DN > field of the actual LDAP request. > That sounds right to me. A good reason to move away from JLDAP. Many thanks for the help. > Philip Guenther
