Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Thunderbird not following LDAP referrals

7 views
Skip to first unread message

damiano...@gmail.com

unread,
Jan 10, 2006, 10:35:54 AM1/10/06
to
Hello,

How do I make Thunderbird follow LDAP referrals ? The SDK documentation
says that it is enabled by default but that's not the behavior I get :/
And I do have a 'referral' entry in my directory (OID
2.16.840.1.113730.3.2.6).
Using a network sniffer, I can see that the referral URL, contained in
the LDAP search result, gets to the browser. So I thought of building
Thunderbird with LDAP debugging to see what's going on. How do I do
that ?

Cheers,

--
Damiano ALBANI

Anton Bobrov

unread,
Jan 10, 2006, 11:39:21 AM1/10/06
to

have a look here http://docs.sun.com/source/817-6707/using.html#wp35283

damiano...@gmail.com

unread,
Jan 11, 2006, 12:14:33 PM1/11/06
to
After doing *much* research through the code, I found out : the library
refuses to process a reference URL if it contains a scope or a filter.
Cf.
<http://lxr.mozilla.org/mozilla1.8/source/directory/c-sdk/ldap/libraries/libldap/request.c#1119>.
Unfortunately, the OpenLDAP server adds automatically an empty scope
and filter in the result URL (e.g.
"http://server.fbi.gov/dc=fbi,dc=gov??").

After uncommenting that line, Thunderbird now supports LDAP referrals.
Phew ! :)

--
Damiano ALBANI

Rich Megginson

unread,
Jan 11, 2006, 12:22:48 PM1/11/06
to damiano...@gmail.com
Then, is this a bug in the mozilla ldap code? If so, can you please
file a bug in bugzilla.mozilla.org against Directory->LDAP C SDK?
Otherwise, I can do it.

damiano...@gmail.com

unread,
Jan 11, 2006, 1:18:45 PM1/11/06
to
Well, I don't know if it has to be considered as a bug (failure ?
feature request ?). Because the comment in the code does say :

/*
* XXXmcs: we don't support scope or filters in search referrals yet,
* so if either were present we return an error which is probably
* better than just ignoring the extra info.
*/

So Mozilla behaves correctly regarding to this limitation. It does
supports referrals, *except* with LDAP URLs which contain a scope or a
filter.

If you think this a truly a bug, please do so.

Cheers,

--
Damiano ALBANI

Rich Megginson

unread,
Jan 11, 2006, 2:39:59 PM1/11/06
to damiano...@gmail.com

I think it is a bug, or at least a lapse of LDAPv3 support - see
http://www.ietf.org/rfc/rfc2251.txt sections 4.1.11 and 4.5.3.
"Some servers (e.g. participating in distributed indexing) may provide a
different filter in a referral for a search operation. If the filter
part of the URL is present in an LDAPURL, the client MUST use this
filter in its next request to progress this search, and if it is not
present the client MUST use the same filter as it used for that search.
Other aspects of the new request may be the same or different as the
request which generated the referral."

So it seems as though we should honor the new filter. It doesn't say
whether or not the new scope should be honored. I suppose there are
several ways we could handle this:
1) Leave scope handling as is - return an error
2) Ignore the scope and just use the same scope as in the original
search request
3) Honor the scope
I prefer 3 - if a new scope is present, it's there for a reason and
should be respected. We could add another LDAP option for this so you
would be able to choose the 1, 2, or 3 behavior.

https://bugzilla.mozilla.org/show_bug.cgi?id=323064

>
> Cheers,
>

0 new messages