1 /* search.c - ldap backend search function */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1999-2011 The OpenLDAP Foundation.
6 * Portions Copyright 1999-2003 Howard Chu.
7 * Portions Copyright 2000-2003 Pierangelo Masarati.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
19 * This work was initially developed by the Howard Chu for inclusion
20 * in OpenLDAP Software and subsequently enhanced by Pierangelo
28 #include <ac/socket.h>
29 #include <ac/string.h>
33 #include "back-ldap.h"
34 #include "../../../libraries/liblber/lber-int.h"
39 ldap_build_entry( Operation *op, LDAPMessage *e, Entry *ent,
43 * replaces (&) with (objectClass=*) and (|) with (!(objectClass=*))
44 * as the best replacement for RFC 4526 absolute true/absolute false
45 * filters; the only difference (AFAIK) is that they require search
46 * access to objectClass.
48 * filter->bv_val may be alloc'd on the thread's slab, if equal to
49 * op->ors_filterstr.bv_val, or realloc'd on the thread's slab otherwise.
52 ldap_back_munge_filter(
54 struct berval *filter )
59 Debug( LDAP_DEBUG_ARGS, "=> ldap_back_munge_filter \"%s\"\n",
60 filter->bv_val, 0, 0 );
62 for ( ptr = strchr( filter->bv_val, '(' );
64 ptr = strchr( ptr, '(' ) )
67 bv_t = BER_BVC( "(&)" ),
68 bv_f = BER_BVC( "(|)" ),
69 bv_T = BER_BVC( "(objectClass=*)" ),
70 bv_F = BER_BVC( "(!(objectClass=*))" );
71 struct berval *oldbv = NULL,
73 oldfilter = BER_BVNULL;
75 if ( ptr[2] != ')' ) {
92 /* should be an error */
97 filter->bv_len += newbv->bv_len - oldbv->bv_len;
98 if ( filter->bv_val == op->ors_filterstr.bv_val ) {
99 filter->bv_val = op->o_tmpalloc( filter->bv_len + 1,
102 AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
103 ptr - oldfilter.bv_val );
106 filter->bv_val = op->o_tmprealloc( filter->bv_val,
107 filter->bv_len + 1, op->o_tmpmemctx );
110 ptr = filter->bv_val + ( ptr - oldfilter.bv_val );
112 AC_MEMCPY( &ptr[ newbv->bv_len ],
113 &ptr[ oldbv->bv_len ],
114 oldfilter.bv_len - ( ptr - filter->bv_val ) - oldbv->bv_len + 1 );
115 AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len );
117 ptr += newbv->bv_len;
122 Debug( LDAP_DEBUG_ARGS, "<= ldap_back_munge_filter \"%s\" (%d)\n",
123 filter->bv_val, gotit, 0 );
133 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
135 ldapconn_t *lc = NULL;
137 time_t stoptime = (time_t)(-1);
142 struct berval match = BER_BVNULL,
146 int freetext = 0, filter_undef = 0;
147 int do_retry = 1, dont_retry = 0;
148 LDAPControl **ctrls = NULL;
149 char **references = NULL;
151 rs_assert_ready( rs );
152 rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
154 if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
159 * FIXME: in case of values return filter, we might want
160 * to map attrs and maybe rewrite value
163 if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
164 tv.tv_sec = op->ors_tlimit;
166 stoptime = op->o_time + op->ors_tlimit;
169 LDAP_BACK_TV_SET( &tv );
173 if ( op->ors_attrs ) {
174 for ( ; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++ )
175 /* just count attrs */ ;
179 if ( op->o_bd->be_extra_anlist ) {
180 for ( ; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ )
181 /* just count attrs */ ;
184 if ( i > 0 || x > 0 ) {
187 attrs = op->o_tmpalloc( ( i + x + 1 )*sizeof( char * ),
189 if ( attrs == NULL ) {
190 rs->sr_err = LDAP_NO_MEMORY;
196 for ( i = 0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++, j++ ) {
197 attrs[ j ] = op->ors_attrs[i].an_name.bv_val;
202 for ( x = 0; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++, j++ ) {
203 if ( op->o_bd->be_extra_anlist[x].an_desc &&
204 ad_inlist( op->o_bd->be_extra_anlist[x].an_desc, op->ors_attrs ) )
209 attrs[ j ] = op->o_bd->be_extra_anlist[x].an_name.bv_val;
217 rc = ldap_back_controls_add( op, rs, lc, &ctrls );
218 if ( rc != LDAP_SUCCESS ) {
222 /* deal with <draft-zeilenga-ldap-t-f> filters */
223 filter = op->ors_filterstr;
225 /* this goes after retry because ldap_back_munge_filter()
226 * optionally replaces RFC 4526 T-F filters (&) (|)
227 * if already computed, they will be re-installed
228 * by filter2bv_undef_x() later */
229 if ( !LDAP_BACK_T_F( li ) ) {
230 ldap_back_munge_filter( op, &filter );
233 rs->sr_err = ldap_pvt_search( lc->lc_ld, op->o_req_dn.bv_val,
234 op->ors_scope, filter.bv_val,
235 attrs, op->ors_attrsonly, ctrls, NULL,
236 tv.tv_sec ? &tv : NULL,
237 op->ors_slimit, op->ors_deref, &msgid );
239 if ( rs->sr_err != LDAP_SUCCESS ) {
240 switch ( rs->sr_err ) {
241 case LDAP_SERVER_DOWN:
244 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
250 /* reset by ldap_back_retry ... */
251 rs->sr_err = slap_map_api2result( rs );
254 rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_DONTSEND );
259 case LDAP_FILTER_ERROR:
261 if ( !filter_undef &&
262 strstr( filter.bv_val, "(?" ) &&
263 !LDAP_BACK_NOUNDEFFILTER( li ) )
265 BER_BVZERO( &filter );
266 filter2bv_undef_x( op, op->ors_filter, 1, &filter );
271 /* invalid filters return success with no data */
272 rs->sr_err = LDAP_SUCCESS;
277 rs->sr_err = slap_map_api2result( rs );
283 /* if needed, initialize timeout */
284 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
285 if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
286 tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
291 /* We pull apart the ber result, stuff it into a slapd entry, and
292 * let send_search_entry stuff it back into ber format. Slow & ugly,
293 * but this is necessary for version matching, and for ACL processing.
296 for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
298 /* check for abandon */
299 if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) {
303 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
308 if ( rc == 0 || rc == -2 ) {
309 ldap_pvt_thread_yield();
312 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
314 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
315 rs->sr_text = "Operation timed out";
316 rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
317 LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
322 LDAP_BACK_TV_SET( &tv );
325 /* check time limit */
326 if ( op->ors_tlimit != SLAP_NO_LIMIT
327 && slap_get_time() > stoptime )
329 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
330 rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
336 /* only touch when activity actually took place... */
337 if ( li->li_idle_timeout && lc ) {
338 lc->lc_time = op->o_time;
341 /* don't retry any more */
346 if ( rc == LDAP_RES_SEARCH_ENTRY ) {
348 struct berval bdn = BER_BVNULL;
352 e = ldap_first_entry( lc->lc_ld, res );
353 rc = ldap_build_entry( op, e, &ent, &bdn );
354 if ( rc == LDAP_SUCCESS ) {
355 ldap_get_entry_controls( lc->lc_ld, res, &rs->sr_ctrls );
357 rs->sr_attrs = op->ors_attrs;
358 rs->sr_operational_attrs = NULL;
360 rs->sr_err = LDAP_SUCCESS;
361 rc = rs->sr_err = send_search_entry( op, rs );
362 if ( rs->sr_ctrls ) {
363 ldap_controls_free( rs->sr_ctrls );
368 if ( !BER_BVISNULL( &ent.e_name ) ) {
369 assert( ent.e_name.bv_val != bdn.bv_val );
370 op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
371 BER_BVZERO( &ent.e_name );
373 if ( !BER_BVISNULL( &ent.e_nname ) ) {
374 op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
375 BER_BVZERO( &ent.e_nname );
382 case LDAP_INSUFFICIENT_ACCESS:
386 if ( rc == LDAP_UNAVAILABLE ) {
387 rc = rs->sr_err = LDAP_OTHER;
389 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
394 } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
395 if ( LDAP_BACK_NOREFS( li ) ) {
401 rc = ldap_parse_reference( lc->lc_ld, res,
402 &references, &rs->sr_ctrls, 1 );
404 if ( rc != LDAP_SUCCESS ) {
408 /* FIXME: there MUST be at least one */
409 if ( references && references[ 0 ] && references[ 0 ][ 0 ] ) {
412 for ( cnt = 0; references[ cnt ]; cnt++ )
415 /* FIXME: there MUST be at least one */
416 rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
419 for ( cnt = 0; references[ cnt ]; cnt++ ) {
420 ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
422 BER_BVZERO( &rs->sr_ref[ cnt ] );
424 /* ignore return value by now */
425 RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
427 ( void )send_search_reference( op, rs );
430 Debug( LDAP_DEBUG_ANY,
431 "%s ldap_back_search: "
432 "got SEARCH_REFERENCE "
433 "with no referrals\n",
434 op->o_log_prefix, 0, 0 );
439 ber_memvfree( (void **)references );
440 op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
445 if ( rs->sr_ctrls ) {
446 ldap_controls_free( rs->sr_ctrls );
450 } else if ( rc == LDAP_RES_INTERMEDIATE ) {
451 /* FIXME: response controls
452 * are passed without checks */
453 rc = ldap_parse_intermediate( lc->lc_ld,
455 (char **)&rs->sr_rspoid,
459 if ( rc != LDAP_SUCCESS ) {
463 slap_send_ldap_intermediate( op, rs );
465 if ( rs->sr_rspoid != NULL ) {
466 ber_memfree( (char *)rs->sr_rspoid );
467 rs->sr_rspoid = NULL;
470 if ( rs->sr_rspdata != NULL ) {
471 ber_bvfree( rs->sr_rspdata );
472 rs->sr_rspdata = NULL;
475 if ( rs->sr_ctrls != NULL ) {
476 ldap_controls_free( rs->sr_ctrls );
483 rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
485 &references, &rs->sr_ctrls, 1 );
486 if ( rc == LDAP_SUCCESS ) {
494 rs->sr_err = slap_map_api2result( rs );
496 /* RFC 4511: referrals can only appear
497 * if result code is LDAP_REFERRAL */
500 && references[ 0 ][ 0 ] )
502 if ( rs->sr_err != LDAP_REFERRAL ) {
503 Debug( LDAP_DEBUG_ANY,
504 "%s ldap_back_search: "
505 "got referrals with err=%d\n",
512 for ( cnt = 0; references[ cnt ]; cnt++ )
515 rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
518 for ( cnt = 0; references[ cnt ]; cnt++ ) {
520 ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
522 BER_BVZERO( &rs->sr_ref[ cnt ] );
525 } else if ( rs->sr_err == LDAP_REFERRAL ) {
526 Debug( LDAP_DEBUG_ANY,
527 "%s ldap_back_search: "
528 "got err=%d with null "
529 "or empty referrals\n",
533 rs->sr_err = LDAP_NO_SUCH_OBJECT;
536 if ( match.bv_val != NULL ) {
537 match.bv_len = strlen( match.bv_val );
544 /* if needed, restore timeout */
545 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
546 if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
547 tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
553 if ( rc == -1 && dont_retry == 0 ) {
556 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
560 rs->sr_err = LDAP_SERVER_DOWN;
561 rs->sr_err = slap_map_api2result( rs );
566 * Rewrite the matched portion of the search base, if required
568 if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
569 struct berval pmatch;
571 if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) != LDAP_SUCCESS ) {
572 pmatch.bv_val = match.bv_val;
575 rs->sr_matched = pmatch.bv_val;
576 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
578 if ( !BER_BVISNULL( &match ) ) {
579 ber_memfree( match.bv_val );
582 if ( rs->sr_v2ref ) {
583 rs->sr_err = LDAP_REFERRAL;
587 if ( LDAP_BACK_QUARANTINE( li ) ) {
588 ldap_back_quarantine( op, rs );
591 if ( filter.bv_val != op->ors_filterstr.bv_val ) {
592 op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
596 /* let send_ldap_result play cleanup handlers (ITS#4645) */
597 if ( rc != SLAPD_ABANDON )
600 send_ldap_result( op, rs );
603 (void)ldap_back_controls_free( op, rs, &ctrls );
605 if ( rs->sr_ctrls ) {
606 ldap_controls_free( rs->sr_ctrls );
612 ber_memfree( (char *)rs->sr_text );
618 op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
623 ber_memvfree( (void **)references );
627 op->o_tmpfree( attrs, op->o_tmpmemctx );
631 ldap_back_release_conn( li, lc );
645 BerElement ber = *ldap_get_message_ber( e );
646 Attribute *attr, **attrp;
652 /* safe assumptions ... */
653 assert( ent != NULL );
654 BER_BVZERO( &ent->e_bv );
656 if ( ber_scanf( &ber, "{m", bdn ) == LBER_ERROR ) {
657 return LDAP_DECODING_ERROR;
661 * Note: this may fail if the target host(s) schema differs
662 * from the one known to the meta, and a DN with unknown
663 * attributes is returned.
665 * FIXME: should we log anything, or delegate to dnNormalize?
667 /* Note: if the distinguished values or the naming attributes
668 * change, should we massage them as well?
670 if ( dnPrettyNormal( NULL, bdn, &ent->e_name, &ent->e_nname,
671 op->o_tmpmemctx ) != LDAP_SUCCESS )
673 return LDAP_INVALID_DN_SYNTAX;
677 if ( ber_first_element( &ber, &len, &lastb ) != LBER_SEQUENCE ) {
681 attrp = &ent->e_attrs;
682 while ( ber_next_element( &ber, &len, lastb ) == LBER_SEQUENCE &&
683 ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
685 slap_syntax_validate_func *validate;
686 slap_syntax_transform_func *pretty;
688 attr = attr_alloc( NULL );
689 if ( attr == NULL ) {
692 if ( slap_bv2ad( &a, &attr->a_desc, &text )
695 if ( slap_bv2undef_ad( &a, &attr->a_desc, &text,
696 SLAP_AD_PROXIED ) != LDAP_SUCCESS )
698 Debug( LDAP_DEBUG_ANY,
699 "%s ldap_build_entry: "
700 "slap_bv2undef_ad(%s): %s\n",
701 op->o_log_prefix, a.bv_val, text );
703 ( void )ber_scanf( &ber, "x" /* [W] */ );
709 /* no subschemaSubentry */
710 if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
711 || attr->a_desc == slap_schema.si_ad_entryDN )
715 * We eat target's subschemaSubentry because
716 * a search for this value is likely not
717 * to resolve to the appropriate backend;
718 * later, the local subschemaSubentry is
721 * We also eat entryDN because the frontend
722 * will reattach it without checking if already
725 ( void )ber_scanf( &ber, "x" /* [W] */ );
730 if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
731 || attr->a_vals == NULL )
734 * Note: attr->a_vals can be null when using
735 * values result filter
737 attr->a_vals = (struct berval *)&slap_dummy_bv;
740 validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
741 pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
743 if ( !validate && !pretty ) {
744 attr->a_nvals = NULL;
749 for ( i = 0; !BER_BVISNULL( &attr->a_vals[i] ); i++ ) ;
753 * check that each value is valid per syntax
754 * and pretty if appropriate
756 for ( i = 0; i<last; i++ ) {
761 rc = ordered_value_pretty( attr->a_desc,
762 &attr->a_vals[i], &pval, NULL );
765 rc = ordered_value_validate( attr->a_desc,
766 &attr->a_vals[i], 0 );
769 if ( rc != LDAP_SUCCESS ) {
772 /* check if, by chance, it's an undefined objectClass */
773 if ( attr->a_desc == slap_schema.si_ad_objectClass &&
774 ( oc = oc_bvfind_undef( &attr->a_vals[i] ) ) != NULL )
776 ber_dupbv( &pval, &oc->soc_cname );
780 ber_memfree( attr->a_vals[i].bv_val );
782 BER_BVZERO( &attr->a_vals[i] );
785 attr->a_vals[i] = attr->a_vals[last];
786 BER_BVZERO( &attr->a_vals[last] );
791 if ( rc == LDAP_SUCCESS && pretty ) {
792 ber_memfree( attr->a_vals[i].bv_val );
793 attr->a_vals[i] = pval;
796 attr->a_numvals = last = i;
797 if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
798 attr->a_nvals = NULL;
803 if ( last && attr->a_desc->ad_type->sat_equality &&
804 attr->a_desc->ad_type->sat_equality->smr_normalize )
806 attr->a_nvals = ch_malloc( ( last + 1 )*sizeof( struct berval ) );
807 for ( i = 0; i < last; i++ ) {
810 rc = ordered_value_normalize(
811 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
813 attr->a_desc->ad_type->sat_equality,
814 &attr->a_vals[i], &attr->a_nvals[i],
817 if ( rc != LDAP_SUCCESS ) {
818 ber_memfree( attr->a_vals[i].bv_val );
820 BER_BVZERO( &attr->a_vals[i] );
823 attr->a_vals[i] = attr->a_vals[last];
824 BER_BVZERO( &attr->a_vals[last] );
828 BER_BVZERO( &attr->a_nvals[i] );
835 attr->a_nvals = attr->a_vals;
838 attr->a_numvals = last;
840 /* Handle sorted vals, strip dups but keep the attr */
841 if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
842 while ( attr->a_numvals > 1 ) {
843 int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
844 if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
847 /* Strip duplicate values */
848 if ( attr->a_nvals != attr->a_vals )
849 ber_memfree( attr->a_nvals[i].bv_val );
850 ber_memfree( attr->a_vals[i].bv_val );
854 if ( (unsigned)i < attr->a_numvals ) {
855 attr->a_vals[i] = attr->a_vals[attr->a_numvals];
856 if ( attr->a_nvals != attr->a_vals )
857 attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
859 BER_BVZERO(&attr->a_vals[attr->a_numvals]);
860 if ( attr->a_nvals != attr->a_vals )
861 BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
863 attr->a_flags |= SLAP_ATTR_SORTED_VALS;
867 attrp = &attr->a_next;
875 /* return 0 IFF we can retrieve the entry with ndn
882 AttributeDescription *at,
886 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
888 ldapconn_t *lc = NULL;
893 LDAPMessage *result = NULL,
895 char *attr[3], **attrp = NULL;
899 LDAPControl **ctrls = NULL;
903 /* Tell getconn this is a privileged op */
904 do_not_cache = op->o_do_not_cache;
907 op->o_do_not_cache = 1;
908 /* ldap_back_entry_get() is an entry lookup, so it does not need
909 * to know what the entry is being looked up for */
910 op->o_tag = LDAP_REQ_SEARCH;
911 rc = ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND );
912 op->o_do_not_cache = do_not_cache;
920 if ( oc && at != slap_schema.si_ad_objectClass ) {
921 attr[0] = slap_schema.si_ad_objectClass->ad_cname.bv_val;
922 attr[1] = at->ad_cname.bv_val;
926 attr[0] = at->ad_cname.bv_val;
934 filter = op->o_tmpalloc( STRLENOF( "(objectClass=" ")" )
935 + oc->soc_cname.bv_len + 1, op->o_tmpmemctx );
936 ptr = lutil_strcopy( filter, "(objectClass=" );
937 ptr = lutil_strcopy( ptr, oc->soc_cname.bv_val );
944 rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
945 if ( rc != LDAP_SUCCESS ) {
950 rc = ldap_pvt_search_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
951 attrp, LDAP_DEREF_NEVER, ctrls, NULL,
952 NULL, LDAP_NO_LIMIT, 0, &result );
953 if ( rc != LDAP_SUCCESS ) {
954 if ( rc == LDAP_SERVER_DOWN && do_retry ) {
956 if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
957 /* if the identity changed, there might be need to re-authz */
958 (void)ldap_back_controls_free( op, &rs, &ctrls );
965 e = ldap_first_entry( lc->lc_ld, result );
967 /* the entry exists, but it doesn't match the filter? */
971 *ent = entry_alloc();
972 if ( *ent == NULL ) {
977 rc = ldap_build_entry( op, e, *ent, &bdn );
979 if ( rc != LDAP_SUCCESS ) {
985 (void)ldap_back_controls_free( op, &rs, &ctrls );
988 ldap_msgfree( result );
992 op->o_tmpfree( filter, op->o_tmpmemctx );
996 ldap_back_release_conn( li, lc );
projects / openldap / blob