Hello all,
I've been using OpenLDAP to talk to Fedora DS, and my bindings
weren't working! This was quite vexing, so I did some investigation.
I finally pinpointed the error to ldap_get_values_len() returning
a NULL pointer for nsslapd-referral, with no error code.
Sounds sort of like a bug in OpenLDAP, no? Yes it does, but it's a bug
that's only tickled in very strange circumstances. If you use ldapvi,
well, that links to OpenLDAP, but it ignores NULLs so that's why you
never see a nsslapd-referral in your cn=config entry.
I made a dump of the buffer that OpenLDAP was parsing values out
of (I think this was what was transmitted over the network.)
Exhibit A (byte sequence containing nsslapd-referral):
0<14><04><10>nsslapd-referral1<00>0<19><04><12>
Exhibit B (byte sequence containing nsslapd-localhost):
0,<04><11>nsslapd-localhost1<17><04><15>cats-whiskers.mit.edu0#<04><16>
As you can see, the byte sequence for nsslapd-referral appears to have
no textual data associated with it. What's up with that?
Edward
Show replies by date
Howard responded to the OpenLDAP list with this:
But it's certainly stupid for the server to attach the attribute
to the
response with no values, since this is obviously NOT an attrsOnly search
response. Sounds like you ought to file a bug report against the Fedora
Directory Server. [1]
Cheers,
Edward
[1]
http://www.openldap.org/lists/openldap-technical/201010/msg00123.html