Hi,
I'm using the OpenLDAP libraries (openldap2-devel-2.2.24-4.12 rpm of Suse
Enterprise 9).
In ldap.h, LDAP_OPT_DEREF is defined as:
#define LDAP_OPT_DEREF 0x0002
Are you thinking of an OpenLDAP libraries bug (or a bug in this rpm)?
I will try to debug it.
j
On 3/9/06, Philip Hazel <ph10@???> wrote:
>
> On Thu, 9 Mar 2006, Justo Alonso wrote:
>
> > Running strace I see that the lookup tries to search all references, but
> > I already set dereference=never, so it seems that it's not working. This is
> > the server_condition that I'm using:
> >
> > server_condition = ${lookup ldap {user="${lookup ldapdn{user="LDAP_ACTIVE_USER" pass=${quote:LDAP_ACTIVE_PASS} \
> >   dereference=never size=1 ldap:///LDAP_ACTIVE_BASEDN?dn?sub?LDAP_ACTIVE_AUTH_P}}" \
> >   pass=${quote:$3} dereference=never size=1 \
> >   ldap:///LDAP_ACTIVE_BASEDN?mail?sub?LDAP_ACTIVE_AUTH_P}{1}{0}}
> >
> > If I set nettime=1 on the ldapdn lookup, then all works (I get the
> > timeout in just one second), the second query gets executed following no
> > references (maybe it's using the cached connection)
>
> I don't know much about LDAP (most of the code was contributed by
> others, though I have hacked it occasionally). However, I see that the
> code contains this snippet:
>
> /* Similarly for dereferencing aliases. Don't know if this is possible on
> an LDAP library without LDAP_OPT_DEREF. */
>
> #if defined(LDAP_OPT_DEREF)
> ldap_set_option(lcp->ld, LDAP_OPT_DEREF, (void *)&dereference);
> #endif
>
> This suggests that different LDAP libraries may or may not support the
> feature. So the first check is to see if LDAP_OPT_DEREF is defined in
> ldap.h on your system. But if it is, I'm not sure how to proceed,
> because the above code is all that is done by Exim. (The variable
> "dereference" contains one of LDAP_DEREF_{NEVER,SEARCHING,FINDING,ALWAYS}
> at this stage.)
>
> --
> Philip Hazel University of Cambridge Computing Service
> Get the Exim 4 book: http://www.uit.co.uk/exim-book
>