https://bugs.openldap.org/show_bug.cgi?id=10334
Issue ID: 10334
Summary: When there is no entry in ldap db getting success response instead of noSuchObject
Product: OpenLDAP
Version: unspecified
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: niranjan.ganjikunta@ericsson.com
Target Milestone: ---

Created attachment 1065
  --> https://bugs.openldap.org/attachment.cgi?id=1065&action=edit
noSuchobject overlay module
Hi Team,
We are hosting an LDAP server on an Ubuntu Linux system, and our requirement is to return a noSuchObject error in the LDAP response when a search yields no results, instead of returning a success response.
We are using the search command below.
ldapsearch -b "ou=Subscribers,ou=sda,o=centertel.pl" -D "cn=admin" -w "XXXXX" -H ldap://ip:389 -v -s sub "ptkSubscriberIMSI=26003123456789"
This command is trying to search for the IMSI under the base DN by using the filter. In this case, if there is no entry present in the db, we are expecting a noSuchObject (32) response from LDAP.
We tried to build an overlay using the C++ script below to modify the default LDAP behaviour to get noSuchObject when there is no entry in the db.
#include "portable.h"   // Required for OpenLDAP build environment
#include <stdio.h>
#include <ac/string.h>  // OpenLDAP-specific replacements
#include <ac/regex.h>   // Brings in regex_t, regmatch_t
#include <ldap.h>
#include "slap.h"
#include <stdio.h>
#include <ldap.h>
#include <slap.h>

int my_overlay_search(Operation *op, SlapReply *rs) {
    // Correct call to next overlay/backend
    int rc = overlay_op_walk(op, rs, SLAP_OP_SEARCH, (slap_overinfo *)op->o_bd->bd_info, NULL);

    if (rs->sr_err == LDAP_SUCCESS && rs->sr_entry == NULL) {
        rs->sr_err = LDAP_NO_SUCH_OBJECT;
        rs->sr_text = "No such object found";
        Debug(LDAP_DEBUG_ANY, "Custom overlay: noSuchObject error triggered\n");
    }

    return rc;
}

and built the .so file using the command below:

gcc -fPIC -shared \
    -I "$OPENLDAP_SRC/include" \
    -I "$OPENLDAP_SRC/servers/slapd" \
    -I "$OPENLDAP_SRC/libraries/libldap" \
    -I "$OPENLDAP_SRC/libraries/liblber" \
    -o "my_overlay.c" "noSuchobject_overlay.so" \
    -lldap
We didn't get any error while building the .so file.
But while loading the module using the LDIF file content below, we get an error:
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: /usr/lib/ldap/noSuchobject_overlay.so config="/etc/ldap/ldap.conf"

root@lodsto-essvt:~# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f new_load_overlay.ldif
modifying entry "cn=module{0},cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
        additional info: <olcModuleLoad> handler exited with 1
And we got stuck at this module load.
Maybe you can review and propose the proper steps and script to build the required module to get the expected LDAP behaviour.
Thanks in advance.
https://bugs.openldap.org/show_bug.cgi?id=10334
Howard Chu hyc@openldap.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED
--- Comment #1 from Howard Chu hyc@openldap.org ---
(In reply to Niranjan from comment #0)
> Created attachment 1065 [details]
> noSuchobject overlay module
>
> Hi Team,
>
> We are hosting an LDAP server on an Ubuntu Linux system, and our requirement is to return a noSuchObject error in the LDAP response when a search yields no results, instead of returning a success response.
Why is your system supposedly using LDAP but requiring a behavior that is contrary to the LDAP specification? Sounds like your clients are broken and need to be fixed.
> Maybe you can review and propose the proper steps and script to build the required module to get the expected LDAP behaviour.
This tracker is for OpenLDAP bugs, not consulting support.
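
The distinction this thread turns on, as an added example that is not part of the bug report or of OpenLDAP's code: under RFC 4511 a search whose base object exists but whose filter matches nothing completes with success (0) and no entries, while noSuchObject (32) means the base object itself is missing. The shell functions below make that distinction on the client side; the function names and sample outputs are constructed, and the code assumes ldapsearch's exit status is the LDAP result code of the search.

```shell
#!/bin/sh
# Added example: classify an ldapsearch run on the client side instead of
# changing the result code slapd sends.
# Assumption: ldapsearch's exit status equals the LDAP result code.

# count_entries: read ldapsearch LDIF on stdin, print the number of entries.
# Each entry begins with "dn:" (or "dn::" when base64-encoded). Folded
# continuation lines begin with a space and comments with "#", so neither
# is counted. grep -c exits 1 on zero matches, hence "|| true".
count_entries() {
    grep -c '^dn:' || true
}

# classify_search RC: RC is ldapsearch's exit status, its output is on stdin.
# Prints one of: found:<n>  empty  no-base  partial:<n>  error:<rc>
classify_search() {
    rc=$1
    n=$(count_entries)
    case "$rc" in
        0)  if [ "$n" -gt 0 ]; then echo "found:$n"; else echo "empty"; fi ;;
        32) echo "no-base" ;;        # noSuchObject: base DN does not exist
        4)  echo "partial:$n" ;;     # sizeLimitExceeded: entries may be present
        *)  echo "error:$rc" ;;
    esac
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_EMPTY='# search result
search: 2
result: 0 Success
# numResponses: 1'

SAMPLE_HIT='# extended LDIF
dn: ptkSubscriberIMSI=26003123456789,ou=Subscribers,ou=sda,o=centertel.pl
ptkSubscriberIMSI: 26003123456789
description: folded value whose continuation
 dn: looks like an entry but is not

search: 2
result: 0 Success'

printf '%s\n' "$SAMPLE_EMPTY" | classify_search 0
printf '%s\n' "$SAMPLE_HIT"   | classify_search 0

# Against a live server (command taken from the report above):
#   out=$(ldapsearch -b "ou=Subscribers,ou=sda,o=centertel.pl" ... "ptkSubscriberIMSI=26003123456789"); rc=$?
#   printf '%s\n' "$out" | classify_search "$rc"
```

An application that needs a "subscriber not found" condition can map the `empty` outcome to it locally, leaving result code 32 to mean what the protocol defines.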