Hi everybody
I am trying to fix an authentication plugin for openvpn using the openldap library. I am new to the library, so I may lack some understanding.
Here is the situation. The openldap version is 2.3.27.
If I try to find a user with a base dn of
"ou=mnd999,dc=asp,dc=ruf,dc=ch"
which is the correct base dn for this user, the operation works correctly.
If I just use "dc=asp,dc=ruf,dc=ch"
the operation times out. I am using subtree search and I can see on a packet dump on the line that there is a reply from the ldap server.
The difference between the replies is that in the case of the correct DN just a search entry and a search result message are returned, whereas in the case of the incomplete DN a search entry, a number of search result references and a search result are returned. In both cases, the search result yields success.
The code calls
    if ((err = ldap_search_ext_s(ldapConn, [base cString], LDAP_SCOPE_SUBTREE,
                                 [filter cString], attrArray, 0, NULL, NULL,
                                 &timeout, 5000, &res)) != LDAP_SUCCESS) {
        [TRLog error: "LDAP search failed: %d: %s", err, ldap_err2string(err)];
        goto finish;
    }
This call times out and returns -5.
I can provide tcpdump files if needed.
Thanks
Erich
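
Added example (not part of the original post, and not the plugin's code): the two reply shapes described above differ only in the LDAP message types on the wire, so a captured reply stream can be checked by walking its BER framing and counting SearchResultEntry, SearchResultReference and SearchResultDone messages. The byte array is constructed sample data, and `classify_replies` and `reply_counts` are names chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>
enum { OP_ENTRY = 0x64, OP_DONE = 0x65, OP_REFERENCE = 0x73 }; /* RFC 4511 protocolOp tags */
struct reply_counts { int entries, references, done, other; };
/* Read one BER header at b[*pos]; returns the tag, or -1 if malformed. */
static int ber_header(const unsigned char *b, size_t len, size_t *pos, size_t *vlen) {
    if (len - *pos < 2) return -1;
    int tag = b[*pos]; *vlen = b[*pos + 1]; *pos += 2;
    if (*vlen & 0x80) {                 /* long form: low 7 bits = length octets */
        size_t n = *vlen & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
        for (*vlen = 0; n > 0; n--) *vlen = (*vlen << 8) | b[(*pos)++];
    }
    return *vlen <= len - *pos ? tag : -1;
}

/* Count message types in a stream of concatenated LDAPMessages; -1 if malformed. */
int classify_replies(const unsigned char *b, size_t len, struct reply_counts *c) {
    size_t pos = 0, mlen, ilen, olen, end;
    c->entries = c->references = c->done = c->other = 0;
    while (pos < len) {
        if (ber_header(b, len, &pos, &mlen) != 0x30) return -1;  /* SEQUENCE */
        end = pos + mlen;
        if (ber_header(b, end, &pos, &ilen) != 0x02) return -1;  /* messageID */
        pos += ilen;
        int op = ber_header(b, end, &pos, &olen);                /* protocolOp */
        if (op < 0) return -1;
        if (op == OP_ENTRY) c->entries++;
        else if (op == OP_REFERENCE) c->references++;
        else if (op == OP_DONE) c->done++;
        else c->other++;
        pos = end;                      /* skip op body and any controls */
    }
    return 0;
}

/* Constructed sample (not from the poster's capture): entry, 2 references, done. */
static const unsigned char sample_with_refs[] = {
    0x30,0x09, 0x02,0x01,0x02, 0x64,0x04, 0x04,0x00, 0x30,0x00,
    0x30,0x08, 0x02,0x01,0x02, 0x73,0x03, 0x04,0x01,0x78,
    0x30,0x08, 0x02,0x01,0x02, 0x73,0x03, 0x04,0x01,0x78,
    0x30,0x0c, 0x02,0x01,0x02, 0x65,0x07, 0x0a,0x01,0x00, 0x04,0x00, 0x04,0x00,
};

int main(void) {
    struct reply_counts c;
    int rc = classify_replies(sample_with_refs, sizeof sample_with_refs, &c);
    printf("rc=%d entries=%d refs=%d done=%d\n", rc, c.entries, c.references, c.done);
    return rc != 0;
}
```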