Full_Name: Kurt Heberlein
Version: 2.4.40+patches
OS: Debian Wheezy
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (66.168.54.228)

Using simple binding with TLS, I have a successfully bound (authenticated) user, and using the same LDAP*, I experience intermittent failures attempting to retrieve the user's memberOf list. The failure manifests itself as a return from ldap_search_ext_s() with a return code of LDAP_SUCCESS but a NULL results pointer.
Most of the time this call correctly returns the list of groups the user is a member of, but intermittently it returns a NULL list even though the return code is LDAP_SUCCESS. There is no other error indication. What am I missing?
The call looks like this:
    ret = ldap_search_ext_s(lp, base, scope, filter, attrs, 0, NULL, NULL, NULL, -1,
                            &res);
    if(ret != LDAP_SUCCESS) {
        ...
    } else {
        assert(res != NULL);
        for(msg = ldap_first_message(lp, res); msg != NULL; msg = ldap_next_message(lp, msg)) {
            ...
Where lp is the LDAP* pointer for the successful bind of the user
    base = "DC=EMEA,DC=AD,DC=SOMECOMPANY,DC=COM"
    scope = LDAP_SCOPE_SUBTREE
    filter = "(&(objectClass=user)(sAMAccountName=someusername))"
    attrs =
        attrs[0] = "memberOf"
        attrs[0] = NULL
I don't find any documentation that indicates that res could be NULL after LDAP_SUCCESS is returned from the search.
Thanks