Full_Name: Alexandre Rosenberg
Version: 2.4.44
OS: Linux - CentOS7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (125.30.6.137)

I found some unexpected behavior when using both the '-h' and '-p' options with ldapsearch.
== Reproduce:
- Use the '-h' option with an invalid hostname such as a URI
- Also set a (valid) port using the '-p' option
== Result: If those conditions are met, ldapsearch seems to always connect to localhost on port 389
$ ldapsearch -x -d 255 -h ldap://localhost -p 10389
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
== Expected behavior: Failure due to invalid hostname
== Note: This *only* happens when both '-h' and '-p' are used. When only '-h' is used, the following happens, which seems fine:
$ ldapsearch -x -d 255 -h ldap://localhost
ldap_create
ldap_url_parse_ext(ldap://ldap:%2F%2Flocalhost)
ldap_err2string
Could not create LDAP session handle for URI=ldap://ldap:%2F%2Flocalhost (-9): Bad parameter to an ldap routine
== Additional example: Below are some more examples - note that adding "/" to the hostname is enough to trigger the issue.
1. $ ldapsearch -x -d 255 -h example.org -p 10636
-> Connects to example.org on port 10636 (as expected)
2. $ ldapsearch -x -d 255 -h /example.org -p 10636
-> Connects to localhost on port 389 (!) - note the added "/"
3. $ ldapsearch -x -d 255 -h /example.org
Running the command will give you the debug output (which I omitted here). Note I am using openldap 2.4.44.