Hi,
I have written a C ldap client to interact with a MS Active Directory in Win Server 2003.
When I search for the base DNs from scope LDAP_SCOPE_BASE I get all the results perfectly. But when I try to search for an existing user anonymously (I set all the permissions in the ACLs) it hangs indefinitely.
Now, surprisingly when I search with the ldapsearch tool it works fine.
I use this:
attrs[0]=LDAP_ALL_USER_ATTRIBUTES;
attrs[1]=NULL;
attrsonly=0;
ldap_search_s(ld,"dc=test,dc=com",LDAP_SCOPE_SUBTREE,"uid=test",NULL,0,&msg);
After a long period when it returns, I get return code 0 (Success) but there is no entry in that.
Can anyone help me? This works fine with slapd server 2.4.12. I am totally confused.
Thanks,
Sankhadip
Sankhadip Sengupta wrote:
> I have written a C ldap client to interact with a MS Active Directory in Win Server 2003.
> When I search for the base DNs from scope LDAP_SCOPE_BASE I get all the results perfectly. But when I try to search for an existing user anonymously (I set all the permissions in the ACLs) it hangs indefinitely.
In the default config MS AD does not allow anonymous access for most of the entries. Why your LDAP client hangs is another question only you can answer.
Ciao, Michael.
----- "Michael Ströder" michael@stroeder.com wrote:
> Sankhadip Sengupta wrote:
>> I have written a C ldap client to interact with a MS Active Directory in Win Server 2003.
>> When I search for the base DNs from scope LDAP_SCOPE_BASE I get all the results perfectly. But when I try to search for an existing user anonymously (I set all the permissions in the ACLs) it hangs indefinitely.
> In the default config MS AD does not allow anonymous access for most of the entries. Why your LDAP client hangs is another question only you can answer.
Probably, the library by default tries to chase referrals (and AD can return many), while OpenLDAP's tools don't.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it
Thank you sir for your reply. So I tried that again and this time the search worked but after 6 mins or something it returned the result.
Is there any way to bypass this delay or to avoid the referrals? I do set an option like
ldap_set_option(ld,LDAP_SET_REFERRALS,&times) where times=0 to stop referrals.
Any suggestions?
Thanks,
Sankhadip

----- Original Message -----
From: "Pierangelo Masarati" ando@sys-net.it
To: "Michael Ströder" michael@stroeder.com
Cc: "Sankhadip Sengupta" shanks.iit@gmail.com; openldap-technical@openldap.org
Sent: Friday, February 06, 2009 5:00 AM
Subject: Re: ldap_search_s hangs with ms active directory

Sankhadip Sengupta wrote:
> Thank you sir for your reply. So I tried that again and this time the search worked but after 6 mins or something it returned the result.
> Is there any way to bypass this delay or to avoid the referrals? I do set an option like
> ldap_set_option(ld,LDAP_SET_REFERRALS,&times) where times=0 to stop referrals.
I don't see any LDAP_SET_REFERRALS in OpenLDAP code. You're supposed to use
ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF )
to disable them in your code. This needs to be set before you run operations that could return a referral. You should then be prepared to receive explicit referrals or search references (either LDAP_REFERRAL return code at end of operation, or LDAP_RES_SEARCH_REFERENCE return code in intermediate responses to search requests).
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
Thank you sir. I understand what you meant. I did set the option and the first search returned immediately. But the 2nd search took a long time. I do not know how to separate this search reference or to explicitly handle this. Could you kindly provide some sample code (a few lines) or a pointer to any, so that I can get a better insight into this?
Thank you and I appreciate your help,
Sankhadip

----- Original Message -----
From: "Pierangelo Masarati" ando@sys-net.it
To: "Sankhadip Sengupta" shanks.iit@gmail.com
Cc: openldap-technical@openldap.org
Sent: Saturday, February 07, 2009 3:12 AM
Subject: Re: ldap_search_s hangs with ms active directory

openldap-technical@openldap.org
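
With LDAP_OPT_REFERRALS set to LDAP_OPT_OFF as described in the thread, every search reference or referral reaches the client as one or more LDAP URLs, and the client decides which servers it will contact. The following is an added example, not code from the thread or from OpenLDAP: a stand-alone check that follows a URL only when its host is on an allowlist. The function `vet_referral`, the host names and the sample URLs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum ref_verdict { REF_FOLLOW, REF_BAD_URL, REF_HOST_DENIED };

/* Servers this client may contact: constructed names, an assumption. */
static const char *const allowed_hosts[] = { "dc1.test.com", "dc2.test.com" };
#define N_ALLOWED (sizeof allowed_hosts / sizeof *allowed_hosts)

/* Vet one URL taken from a search reference or referral. On REF_FOLLOW the
 * base DN to search next is copied into dn (still percent-encoded). */
enum ref_verdict vet_referral(const char *url, char *dn, size_t dnlen)
{
    const char *host, *end, *colon, *path;
    size_t hlen, dlen, i;

    if (strncasecmp(url, "ldaps://", 8) == 0)
        host = url + 8;
    else if (strncasecmp(url, "ldap://", 7) == 0)
        host = url + 7;
    else
        return REF_BAD_URL;               /* not an LDAP URL */

    end = host + strcspn(host, "/?");     /* end of host[:port] */
    colon = memchr(host, ':', (size_t)(end - host));
    hlen = (size_t)((colon ? colon : end) - host);
    if (hlen == 0)
        return REF_BAD_URL;               /* no host named */

    for (i = 0; i < N_ALLOWED; i++)       /* exact, case-insensitive match */
        if (strlen(allowed_hosts[i]) == hlen &&
            strncasecmp(host, allowed_hosts[i], hlen) == 0)
            break;
    if (i == N_ALLOWED)
        return REF_HOST_DENIED;           /* record it, do not connect */

    path = end + (*end == '/');           /* DN runs up to the first '?' */
    dlen = strcspn(path, "?");
    if (dlen >= dnlen)
        return REF_BAD_URL;               /* DN does not fit the buffer */
    memcpy(dn, path, dlen);
    dn[dlen] = '\0';
    return REF_FOLLOW;
}

int main(void)
{
    char dn[256];
    /* Constructed URL of the kind AD returns for a DNS partition. */
    const char *u = "ldap://ForestDnsZones.test.com/DC=ForestDnsZones,DC=test,DC=com";
    printf("%s -> verdict %d\n", u, vet_referral(u, dn, sizeof dn));
    return 0;
}
```

In a libldap client the URLs come from ldap_parse_reference() on each LDAP_RES_SEARCH_REFERENCE message, and ldap_url_parse() can replace the hand parsing here when the program links against libldap.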