Re: (ITS#8618) ldapsearch - unexpected behavior with - openldap-bugs

4 Mar 2018


      Andry, I am sorry but I still don't understand...
- You are saying  ldapsearch internally converts '-h' and '-p' parameters into a
URI, correct ?
- The '-p' option in ldapsearch is optional, if it's not set it should use the
default LDAP port (TCP/389).
In the example bellow, when I am calling ldapsearch without specifying the port
(1),  it does not say anything about the ldap URI being invalid. It simply tries
to connect to '/example.org:389' and fails. (which is expected).
On the other hand the same example with the option '-p 389' added, result in the
query going to localhost (2). I don't understand why.
The default LDAP port is TCP/389, therefore I would expect ldapsearch to behave
in the same way regardless if the '-p 389' argument is provided or not.
(1) 
$ ldapsearch -x -d 255 -h /example.org
ldap_create
ldap_url_parse_ext(ldap://%
2Fexample.org)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ld
ap_int_open_connection
ldap_connect_to_host: TCP /example.org:389
ldap_connect_to_
host: getaddrinfo failed: Name or service not known
ldap_err2string
ldap_sasl_bind
(SIMPLE): Can't contact LDAP server (-1)
(2) 
$ ldapsearch -x -d 255 -h /example.org -p 389
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Best, Alex
On Sat, 2018-03-03 at 16:24 +0000, andrew.lawrence@siemens.com wrote:
...
@Alex The difference in behaviour is because it constructs a uri from the h=
ostname and port. If there is no port you end up with an invalid uri. I am =
not sure if this is necessarily a good thing.
Cheers,
Andy