LDAP and "Ambiguous search result"
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Nov 9 16:14:00 CET 2016
> On Nov 9, 2016, at 3:23 AM, Peter Lambrechtsen <peter at crypt.nz> wrote:
>
> Hi Folks
>
> I have an interesting question in regards to how best to handle the
> "Ambiguous search result" use case.
>
> If I have a search and it returns two entries I get the error:
>
> (1) ldap: ERROR: Ambiguous search result, returned 2 unsorted entries
> (should return 1 or 0). Enable sorting, or specify a more restrictive
> base_dn, filter or scope
> (1) ldap: ERROR: The following entries were returned:
>
> Which is obvious, but the module returns fail.
>
> In previous versions the return code was invalid.

Oh, that's weird. I've switched it back to invalid.

> But the second time once all the threads have been closed I get no failure
> message
>
> rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase
> "spare"
> rlm_ldap (ldap): Opening additional connection (5), 1 of 32 pending slots
> used
> rlm_ldap (ldap): Connecting to ldap://127.0.0.1:389
> rlm_ldap (ldap): Bind with cn=FreeRadius,o=Identities to ldap://
> 127.0.0.1:389 failed: Can't contact LDAP server
> rlm_ldap (ldap): Opening connection failed (5)
>
> But there isn't anything in the Module fail message to indicate what the
> root cause is.

Because libldap doesn't provide any more info... I'd run tcpdump and see what's actually happening there.

> Thoughts and suggestions on if the Ambiguous should be an invalid or fail.

Should be invalid.

Module-Failure-Message attributes don't get overwritten; multiple instances get added to build an OpenSSL-like error stack.
You can loop over them with foreach.

-Arran