compiling against OpenLDAP 2.0.11

Michael Ströder michael at stroeder.com
Wed Jul 11 11:29:20 CEST 2001


Konstantin Chuguev wrote:
> 
> Yes, OpenLDAP-2.0.11 and especially recent changes in python-ldap CVS
> repository require a new version of patches. I've attached them.

I tried these patches. They seem to work (LDAPv3 connects with
recent web2ldap 0.9.x :-). But still there's the problem that LDAP
URLs in referrals are not properly formatted. From some discussions
on openldap-software I suspect the OpenLDAP 2 libs.

Example:

When searching
ldap://ldap.surfnet.nl/c=BE?ou,mail,uid,telephoneNumber,labeledurl,cn,objectClass,displayName?one

the OpenLDAP 2 lib returns the referral URL
ldap://tor.dante.org.uk:1389?ou,mail,uid,telephoneNumber,labeledurl,cn,objectClass,displayName?one

This LDAP URL does not contain a slash behind the hostport part. My
LDAP URL parser (usually in nitpicking mode) expects a trailing
slash after hostport (which might be empty) if there are any
parameters after hostport.

Glancing at RFC2255 seems to confirm this assumption:

       ldapurl    = scheme "://" [hostport] ["/"
                    [dn ["?" [attributes] ["?" [scope]
                    ["?" [filter] ["?" extensions]]]]]]

I tried to raise this at the OpenLDAP 2 libs but it was rather
ignored since I could not provide a detailed example. I could only
provide a python-ldap example there but surely Kurt would have
pointed me back to bugs in python-ldap.

Anybody willing to write a short C source example confirming this
possible bug? Search something which returns a referral LDAP URL and
look at the LDAP URL returned (switch off automatic referral
chasing).

> The patches don't change the behaviour of python-ldap when compiled
> against OpenLDAPv1, but create an alternative code when used with
> OpenLDAPv2.

That's great!

> Here are the differences between python-ldap compiled
> [..]
>    * new type of data added to the Python dictionary returned as a
>      result of ldap_result:
>      Dictionary keys are DNs, values are entry objects. If the key is
>      empty, the value is the list of referrals (URL text strings).

I completely forgot what we've defined in November but web2ldap
seems to display the search continuations nicely. ;-)
E.g.
ldap://ldap.nameflow.net:1389/c%3DFI??base?%28objectclass%3D%2A%29
shows
Referral => 
    ldap://193.166.0.77:389/dmdName=FunetDir,%20c=FI??base

in search result table.

Sorry Konstantin, the on-line demo at
http://sites.inka.de:8002/web2ldap is still running with python-ldap
built against OpenLDAP 1.2.x. You have to install web2ldap locally
to do the testing. Make sure to look at the output of the ConnInfo
button to confirm that it says "LDAPv3 connection to:".

Ciao, Michael.




More information about the python-ldap mailing list