[Bug 1023025] Re: search fail with get_ctrls : controls require LDAPv3

Thu Jul 19 12:30:33 UTC 2012

** Description changed:

- On precise, the slapd daemon return "error code 2 - controls require
- LDAPv3" to client search. I don't see any reason why this would occure,
- because if you run the same command few seconds later, it (may) work.
+ [IMPACT]
  
- For example, using nss_ldap, when running in a loop "id pierref", you
- may sometime have fewer group that you would normally have. And few
- seconds later, everything go back to normal.
+ * Any client connecting in LDAPv3 and using v3 specific feature may fail
+ * This include libnss-ldap (so id user may not return all group). Thus you may login without all your groups and need to logout/login on more time.
+ * This issue is known and fixed on upsteam, ITS#7107 (commit 85c1c545f4e20882a2f748fcef5f732ea2d2ecf6).
  
- We also have this issue with some other tools, like Confluence
- (Atlassian's wiki) and also a internal tools developped in Python.
+ [TESTCASE]
  
- On client side (confluence), we have
- "javax.naming.CommunicationException: [LDAP: error code 2 - controls
- require LDAPv3];"
+ To reproduce this issue, you will need to do enougth search some with
+ version 2, other with version 3 and some control.
  
- On server side, we found the same "controls require LDAPv3" returned
- with get_ctrl function. I attached log extract of slapd server at
- loglevel any. On log I keep one successfull search done by confluence
- and one failed search.
+ Example:
  
- Note: on server log - if I understand log correctly - the client bind
- with version 3 of protocol... while error complain about not behind
- version 3...
- 
- Version:
- 
- * server : Ubuntu precise 3.2.0-26-generic x86_64, slapd 2.4.28-1.1ubuntu4
- * client 1 : Ubuntu lucid 2.6.32-41-server x86_64, libnss-ldap 264-2ubuntu2, ldap-utils 2.4.21-0ubuntu5.7
- * client 2 : Ubuntu precise 3.2.0-26-virtual x86_64, libnss-ldap 264-2.2ubuntu2, ldap-utils 2.4.28-1.1ubuntu4
- 
- Their is two LDAP server (replication), I attached configuration of
- both.
- 
- I also attached a "test_nss.sh" which show this bug on client side.
+ * In terminal A, run: while true; do ldapsearch -h 127.0.0.1 -b o=company uid=dontcare -P 2 > /dev/null;sleep 0.1;done
+ * Let the loop run for some time (it increase change of failure for next step).
+ * In terminal B, run ldapsearch -h 127.0.0.1 -b o=company uid=dontcare -M. You should not have to run more than 20 times before an error occure.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1023025

Title:
  search fail with get_ctrls : controls require LDAPv3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1023025/+subscriptions