Hi,

Trying to get a ldapclient to authenticate against it, but having a difficult time trying to figure out what i'm doing wrong. Would appreciate any tip/help pointing me in the correct direction.


Company has a Microsoft Active Directory structure, like

domain.com
region_a
users
john.doe
marcus.zap
servers
...
...
region_b
users
magaly.frap
roger.smith
...
servers
...
...



Testing with ldapsearch, it works fine, returning the entry of john.doe, if i do a:

>$ ldapsearch -v -h ldap_srv -p 389 -s sub -z 2 -l 15 -D auth_dn -w pass_dn -b "DC=domain,DC=com"  "(sAMAccountName=john.doe)" sAMAccountName 

:: for info
>$ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.28 (Jul  4 2013 21:48:28) $
root@b1026.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-208.5~1/clients/tools
(LDAP library: OpenLDAP 20428)


=========
But with a simple code (extract bellow), on the same machine as the ldapsearch above, i'm unable to make it work.

....
struct timeval timeOut = {15,0};   /* 15 second connection timeout */
char *attrs[] = {"sAMAccountName", NULL};

  if ( (ld = ldap_init( "ldap_srv", 389 )) == NULL ) { 
    return( 1 ); /* error */
  } 

  /* Bind with credentials to the LDAP server. */ 
  rc = ldap_simple_bind_s( ld, auth_dn, pass_dn ); 
  if ( rc != LDAP_SUCCESS ) { 
    return( 1 ); /* error */
  } 

  /* Search for the entry. */ 
  fprintf(stderr, "ldap_simple_bind_s(): Entering...\n"); 
  
  rc = ldap_search_ext_s( ld, "DC=domain,DC=com", LDAP_SCOPE_SUBTREE, 
    "(sAMAccountName=john.doe)", NULL, 0, NULL, NULL, &timeOut, 
    2, &result );

  fprintf(stderr, "ldap_simple_bind_s(): after. rc=%d...\n", rc); 
...
...

::::::

The ldap_init(), ldap_simple_bind_s(), both work correctly. 

The call to: 
ldap_search_ext_s( ld, "DC=domain,DC=com", ....
does never come back from the function call, i have waited for more than one hour. I never get the 2nd fprintf(...)

Another point, should the ldap_search_ext_s() not return with an error after the defined "timeOut" (in my case 15 seconds) ? 

But, if i change the 2nd parameter (base dn) from: "DC=domain,DC=com" to "OU=region_a,DC=domain,DC=com", it works fine, returning the entry for john.doe in a few seconds.




As i need to check users inside all of the "regions", i can't have the OU=region on the base search, because if i use it with OU=region_a,dc=domain,dc=com i'm not able to find the users from region_b, as expected :)


Any tips to help me figure out what i'm doing wrong?

Thanks
werner