1 /* search.c - ldap backend search function */
3 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 * Copyright 1999-2012 The OpenLDAP Foundation.
6 * Portions Copyright 1999-2003 Howard Chu.
7 * Portions Copyright 2000-2003 Pierangelo Masarati.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted only as authorized by the OpenLDAP
14 * A copy of this license is available in the file LICENSE in the
15 * top-level directory of the distribution or, alternatively, at
16 * <http://www.OpenLDAP.org/license.html>.
19 * This work was initially developed by the Howard Chu for inclusion
20 * in OpenLDAP Software and subsequently enhanced by Pierangelo
28 #include <ac/socket.h>
29 #include <ac/string.h>
33 #include "back-ldap.h"
34 #include "../../../libraries/liblber/lber-int.h"
39 ldap_build_entry( Operation *op, LDAPMessage *e, Entry *ent,
43 * replaces (&) with (objectClass=*) and (|) with (!(objectClass=*))
44 * as the best replacement for RFC 4526 absolute true/absolute false
45 * filters; the only difference (AFAIK) is that they require search
46 * access to objectClass.
48 * filter->bv_val may be alloc'd on the thread's slab, if equal to
49 * op->ors_filterstr.bv_val, or realloc'd on the thread's slab otherwise.
52 ldap_back_munge_filter(
54 struct berval *filter )
59 Debug( LDAP_DEBUG_ARGS, "=> ldap_back_munge_filter \"%s\"\n",
60 filter->bv_val, 0, 0 );
62 for ( ptr = strchr( filter->bv_val, '(' );
64 ptr = strchr( ptr, '(' ) )
67 bv_t = BER_BVC( "(&)" ),
68 bv_f = BER_BVC( "(|)" ),
69 bv_T = BER_BVC( "(objectClass=*)" ),
70 bv_F = BER_BVC( "(!(objectClass=*))" );
71 struct berval *oldbv = NULL,
73 oldfilter = BER_BVNULL;
75 if ( ptr[2] != ')' ) {
92 /* should be an error */
97 filter->bv_len += newbv->bv_len - oldbv->bv_len;
98 if ( filter->bv_val == op->ors_filterstr.bv_val ) {
99 filter->bv_val = op->o_tmpalloc( filter->bv_len + 1,
102 AC_MEMCPY( filter->bv_val, op->ors_filterstr.bv_val,
103 ptr - oldfilter.bv_val );
106 filter->bv_val = op->o_tmprealloc( filter->bv_val,
107 filter->bv_len + 1, op->o_tmpmemctx );
110 ptr = filter->bv_val + ( ptr - oldfilter.bv_val );
112 AC_MEMCPY( &ptr[ newbv->bv_len ],
113 &ptr[ oldbv->bv_len ],
114 oldfilter.bv_len - ( ptr - filter->bv_val ) - oldbv->bv_len + 1 );
115 AC_MEMCPY( ptr, newbv->bv_val, newbv->bv_len );
117 ptr += newbv->bv_len;
122 Debug( LDAP_DEBUG_ARGS, "<= ldap_back_munge_filter \"%s\" (%d)\n",
123 filter->bv_val, gotit, 0 );
133 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
135 ldapconn_t *lc = NULL;
137 time_t stoptime = (time_t)(-1);
142 struct berval match = BER_BVNULL,
146 int freetext = 0, filter_undef = 0;
147 int do_retry = 1, dont_retry = 0;
148 LDAPControl **ctrls = NULL;
149 char **references = NULL;
151 rs_assert_ready( rs );
152 rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
154 if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
159 * FIXME: in case of values return filter, we might want
160 * to map attrs and maybe rewrite value
163 if ( op->ors_tlimit != SLAP_NO_LIMIT ) {
164 tv.tv_sec = op->ors_tlimit;
166 stoptime = op->o_time + op->ors_tlimit;
169 LDAP_BACK_TV_SET( &tv );
173 if ( op->ors_attrs ) {
174 for ( ; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++ )
175 /* just count attrs */ ;
179 if ( op->o_bd->be_extra_anlist ) {
180 for ( ; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++ )
181 /* just count attrs */ ;
184 if ( i > 0 || x > 0 ) {
187 attrs = op->o_tmpalloc( ( i + x + 1 )*sizeof( char * ),
189 if ( attrs == NULL ) {
190 rs->sr_err = LDAP_NO_MEMORY;
196 for ( i = 0; !BER_BVISNULL( &op->ors_attrs[i].an_name ); i++, j++ ) {
197 attrs[ j ] = op->ors_attrs[i].an_name.bv_val;
202 for ( x = 0; !BER_BVISNULL( &op->o_bd->be_extra_anlist[x].an_name ); x++, j++ ) {
203 if ( op->o_bd->be_extra_anlist[x].an_desc &&
204 ad_inlist( op->o_bd->be_extra_anlist[x].an_desc, op->ors_attrs ) )
209 attrs[ j ] = op->o_bd->be_extra_anlist[x].an_name.bv_val;
217 rc = ldap_back_controls_add( op, rs, lc, &ctrls );
218 if ( rc != LDAP_SUCCESS ) {
222 /* deal with <draft-zeilenga-ldap-t-f> filters */
223 filter = op->ors_filterstr;
225 /* this goes after retry because ldap_back_munge_filter()
226 * optionally replaces RFC 4526 T-F filters (&) (|)
227 * if already computed, they will be re-installed
228 * by filter2bv_undef_x() later */
229 if ( !LDAP_BACK_T_F( li ) ) {
230 ldap_back_munge_filter( op, &filter );
233 rs->sr_err = ldap_pvt_search( lc->lc_ld, op->o_req_dn.bv_val,
234 op->ors_scope, filter.bv_val,
235 attrs, op->ors_attrsonly, ctrls, NULL,
236 tv.tv_sec ? &tv : NULL,
237 op->ors_slimit, op->ors_deref, &msgid );
239 ldap_pvt_thread_mutex_lock( &li->li_counter_mutex );
240 ldap_pvt_mp_add( li->li_ops_completed[ SLAP_OP_SEARCH ], 1 );
241 ldap_pvt_thread_mutex_unlock( &li->li_counter_mutex );
243 if ( rs->sr_err != LDAP_SUCCESS ) {
244 switch ( rs->sr_err ) {
245 case LDAP_SERVER_DOWN:
248 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
254 /* reset by ldap_back_retry ... */
255 rs->sr_err = slap_map_api2result( rs );
258 rc = ldap_back_op_result( lc, op, rs, msgid, 0, LDAP_BACK_DONTSEND );
263 case LDAP_FILTER_ERROR:
265 if ( !filter_undef &&
266 strstr( filter.bv_val, "(?" ) &&
267 !LDAP_BACK_NOUNDEFFILTER( li ) )
269 BER_BVZERO( &filter );
270 filter2bv_undef_x( op, op->ors_filter, 1, &filter );
275 /* invalid filters return success with no data */
276 rs->sr_err = LDAP_SUCCESS;
281 rs->sr_err = slap_map_api2result( rs );
287 /* if needed, initialize timeout */
288 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
289 if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
290 tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
295 /* We pull apart the ber result, stuff it into a slapd entry, and
296 * let send_search_entry stuff it back into ber format. Slow & ugly,
297 * but this is necessary for version matching, and for ACL processing.
300 for ( rc = -2; rc != -1; rc = ldap_result( lc->lc_ld, msgid, LDAP_MSG_ONE, &tv, &res ) )
302 /* check for abandon */
303 if ( op->o_abandon || LDAP_BACK_CONN_ABANDON( lc ) ) {
307 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
312 if ( rc == 0 || rc == -2 ) {
313 ldap_pvt_thread_yield();
316 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
318 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
319 rs->sr_text = "Operation timed out";
320 rc = rs->sr_err = op->o_protocol >= LDAP_VERSION3 ?
321 LDAP_ADMINLIMIT_EXCEEDED : LDAP_OTHER;
326 LDAP_BACK_TV_SET( &tv );
329 /* check time limit */
330 if ( op->ors_tlimit != SLAP_NO_LIMIT
331 && slap_get_time() > stoptime )
333 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
334 rc = rs->sr_err = LDAP_TIMELIMIT_EXCEEDED;
340 /* only touch when activity actually took place... */
341 if ( li->li_idle_timeout && lc ) {
342 lc->lc_time = op->o_time;
345 /* don't retry any more */
350 if ( rc == LDAP_RES_SEARCH_ENTRY ) {
352 struct berval bdn = BER_BVNULL;
356 e = ldap_first_entry( lc->lc_ld, res );
357 rc = ldap_build_entry( op, e, &ent, &bdn );
358 if ( rc == LDAP_SUCCESS ) {
359 ldap_get_entry_controls( lc->lc_ld, res, &rs->sr_ctrls );
361 rs->sr_attrs = op->ors_attrs;
362 rs->sr_operational_attrs = NULL;
364 rs->sr_err = LDAP_SUCCESS;
365 rc = rs->sr_err = send_search_entry( op, rs );
366 if ( rs->sr_ctrls ) {
367 ldap_controls_free( rs->sr_ctrls );
372 if ( !BER_BVISNULL( &ent.e_name ) ) {
373 assert( ent.e_name.bv_val != bdn.bv_val );
374 op->o_tmpfree( ent.e_name.bv_val, op->o_tmpmemctx );
375 BER_BVZERO( &ent.e_name );
377 if ( !BER_BVISNULL( &ent.e_nname ) ) {
378 op->o_tmpfree( ent.e_nname.bv_val, op->o_tmpmemctx );
379 BER_BVZERO( &ent.e_nname );
386 case LDAP_INSUFFICIENT_ACCESS:
390 if ( rc == LDAP_UNAVAILABLE ) {
391 rc = rs->sr_err = LDAP_OTHER;
393 (void)ldap_back_cancel( lc, op, rs, msgid, LDAP_BACK_DONTSEND );
398 } else if ( rc == LDAP_RES_SEARCH_REFERENCE ) {
399 if ( LDAP_BACK_NOREFS( li ) ) {
405 rc = ldap_parse_reference( lc->lc_ld, res,
406 &references, &rs->sr_ctrls, 1 );
408 if ( rc != LDAP_SUCCESS ) {
412 /* FIXME: there MUST be at least one */
413 if ( references && references[ 0 ] && references[ 0 ][ 0 ] ) {
416 for ( cnt = 0; references[ cnt ]; cnt++ )
419 /* FIXME: there MUST be at least one */
420 rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
423 for ( cnt = 0; references[ cnt ]; cnt++ ) {
424 ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
426 BER_BVZERO( &rs->sr_ref[ cnt ] );
428 /* ignore return value by now */
429 RS_ASSERT( !(rs->sr_flags & REP_ENTRY_MASK) );
431 ( void )send_search_reference( op, rs );
434 Debug( LDAP_DEBUG_ANY,
435 "%s ldap_back_search: "
436 "got SEARCH_REFERENCE "
437 "with no referrals\n",
438 op->o_log_prefix, 0, 0 );
443 ber_memvfree( (void **)references );
444 op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
449 if ( rs->sr_ctrls ) {
450 ldap_controls_free( rs->sr_ctrls );
454 } else if ( rc == LDAP_RES_INTERMEDIATE ) {
455 /* FIXME: response controls
456 * are passed without checks */
457 rc = ldap_parse_intermediate( lc->lc_ld,
459 (char **)&rs->sr_rspoid,
463 if ( rc != LDAP_SUCCESS ) {
467 slap_send_ldap_intermediate( op, rs );
469 if ( rs->sr_rspoid != NULL ) {
470 ber_memfree( (char *)rs->sr_rspoid );
471 rs->sr_rspoid = NULL;
474 if ( rs->sr_rspdata != NULL ) {
475 ber_bvfree( rs->sr_rspdata );
476 rs->sr_rspdata = NULL;
479 if ( rs->sr_ctrls != NULL ) {
480 ldap_controls_free( rs->sr_ctrls );
487 rc = ldap_parse_result( lc->lc_ld, res, &rs->sr_err,
489 &references, &rs->sr_ctrls, 1 );
490 if ( rc == LDAP_SUCCESS ) {
498 rs->sr_err = slap_map_api2result( rs );
500 /* RFC 4511: referrals can only appear
501 * if result code is LDAP_REFERRAL */
504 && references[ 0 ][ 0 ] )
506 if ( rs->sr_err != LDAP_REFERRAL ) {
507 Debug( LDAP_DEBUG_ANY,
508 "%s ldap_back_search: "
509 "got referrals with err=%d\n",
516 for ( cnt = 0; references[ cnt ]; cnt++ )
519 rs->sr_ref = op->o_tmpalloc( ( cnt + 1 ) * sizeof( struct berval ),
522 for ( cnt = 0; references[ cnt ]; cnt++ ) {
524 ber_str2bv( references[ cnt ], 0, 0, &rs->sr_ref[ cnt ] );
526 BER_BVZERO( &rs->sr_ref[ cnt ] );
529 } else if ( rs->sr_err == LDAP_REFERRAL ) {
530 Debug( LDAP_DEBUG_ANY,
531 "%s ldap_back_search: "
532 "got err=%d with null "
533 "or empty referrals\n",
537 rs->sr_err = LDAP_NO_SUCH_OBJECT;
540 if ( match.bv_val != NULL ) {
541 match.bv_len = strlen( match.bv_val );
548 /* if needed, restore timeout */
549 if ( li->li_timeout[ SLAP_OP_SEARCH ] ) {
550 if ( tv.tv_sec == 0 || tv.tv_sec > li->li_timeout[ SLAP_OP_SEARCH ] ) {
551 tv.tv_sec = li->li_timeout[ SLAP_OP_SEARCH ];
557 if ( rc == -1 && dont_retry == 0 ) {
560 if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_DONTSEND ) ) {
564 rs->sr_err = LDAP_SERVER_DOWN;
565 rs->sr_err = slap_map_api2result( rs );
570 * Rewrite the matched portion of the search base, if required
572 if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
573 struct berval pmatch;
575 if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) != LDAP_SUCCESS ) {
576 pmatch.bv_val = match.bv_val;
579 rs->sr_matched = pmatch.bv_val;
580 rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
582 if ( !BER_BVISNULL( &match ) ) {
583 ber_memfree( match.bv_val );
586 if ( rs->sr_v2ref ) {
587 rs->sr_err = LDAP_REFERRAL;
591 if ( LDAP_BACK_QUARANTINE( li ) ) {
592 ldap_back_quarantine( op, rs );
595 if ( filter.bv_val != op->ors_filterstr.bv_val ) {
596 op->o_tmpfree( filter.bv_val, op->o_tmpmemctx );
600 /* let send_ldap_result play cleanup handlers (ITS#4645) */
601 if ( rc != SLAPD_ABANDON )
604 send_ldap_result( op, rs );
607 (void)ldap_back_controls_free( op, rs, &ctrls );
609 if ( rs->sr_ctrls ) {
610 ldap_controls_free( rs->sr_ctrls );
616 ber_memfree( (char *)rs->sr_text );
622 op->o_tmpfree( rs->sr_ref, op->o_tmpmemctx );
627 ber_memvfree( (void **)references );
631 op->o_tmpfree( attrs, op->o_tmpmemctx );
635 ldap_back_release_conn( li, lc );
649 BerElement ber = *ldap_get_message_ber( e );
650 Attribute *attr, **attrp;
656 /* safe assumptions ... */
657 assert( ent != NULL );
658 BER_BVZERO( &ent->e_bv );
660 if ( ber_scanf( &ber, "{m", bdn ) == LBER_ERROR ) {
661 return LDAP_DECODING_ERROR;
665 * Note: this may fail if the target host(s) schema differs
666 * from the one known to the meta, and a DN with unknown
667 * attributes is returned.
669 * FIXME: should we log anything, or delegate to dnNormalize?
671 /* Note: if the distinguished values or the naming attributes
672 * change, should we massage them as well?
674 if ( dnPrettyNormal( NULL, bdn, &ent->e_name, &ent->e_nname,
675 op->o_tmpmemctx ) != LDAP_SUCCESS )
677 return LDAP_INVALID_DN_SYNTAX;
681 if ( ber_first_element( &ber, &len, &lastb ) != LBER_SEQUENCE ) {
685 attrp = &ent->e_attrs;
686 while ( ber_next_element( &ber, &len, lastb ) == LBER_SEQUENCE &&
687 ber_scanf( &ber, "{m", &a ) != LBER_ERROR ) {
689 slap_syntax_validate_func *validate;
690 slap_syntax_transform_func *pretty;
692 attr = attr_alloc( NULL );
693 if ( attr == NULL ) {
696 if ( slap_bv2ad( &a, &attr->a_desc, &text )
699 if ( slap_bv2undef_ad( &a, &attr->a_desc, &text,
700 SLAP_AD_PROXIED ) != LDAP_SUCCESS )
702 Debug( LDAP_DEBUG_ANY,
703 "%s ldap_build_entry: "
704 "slap_bv2undef_ad(%s): %s\n",
705 op->o_log_prefix, a.bv_val, text );
707 ( void )ber_scanf( &ber, "x" /* [W] */ );
713 /* no subschemaSubentry */
714 if ( attr->a_desc == slap_schema.si_ad_subschemaSubentry
715 || attr->a_desc == slap_schema.si_ad_entryDN )
719 * We eat target's subschemaSubentry because
720 * a search for this value is likely not
721 * to resolve to the appropriate backend;
722 * later, the local subschemaSubentry is
725 * We also eat entryDN because the frontend
726 * will reattach it without checking if already
729 ( void )ber_scanf( &ber, "x" /* [W] */ );
734 if ( ber_scanf( &ber, "[W]", &attr->a_vals ) == LBER_ERROR
735 || attr->a_vals == NULL )
738 * Note: attr->a_vals can be null when using
739 * values result filter
741 attr->a_vals = (struct berval *)&slap_dummy_bv;
744 validate = attr->a_desc->ad_type->sat_syntax->ssyn_validate;
745 pretty = attr->a_desc->ad_type->sat_syntax->ssyn_pretty;
747 if ( !validate && !pretty ) {
748 attr->a_nvals = NULL;
753 for ( i = 0; !BER_BVISNULL( &attr->a_vals[i] ); i++ ) ;
757 * check that each value is valid per syntax
758 * and pretty if appropriate
760 for ( i = 0; i<last; i++ ) {
765 rc = ordered_value_pretty( attr->a_desc,
766 &attr->a_vals[i], &pval, NULL );
769 rc = ordered_value_validate( attr->a_desc,
770 &attr->a_vals[i], 0 );
773 if ( rc != LDAP_SUCCESS ) {
776 /* check if, by chance, it's an undefined objectClass */
777 if ( attr->a_desc == slap_schema.si_ad_objectClass &&
778 ( oc = oc_bvfind_undef( &attr->a_vals[i] ) ) != NULL )
780 ber_dupbv( &pval, &oc->soc_cname );
784 ber_memfree( attr->a_vals[i].bv_val );
786 BER_BVZERO( &attr->a_vals[i] );
789 attr->a_vals[i] = attr->a_vals[last];
790 BER_BVZERO( &attr->a_vals[last] );
795 if ( rc == LDAP_SUCCESS && pretty ) {
796 ber_memfree( attr->a_vals[i].bv_val );
797 attr->a_vals[i] = pval;
800 attr->a_numvals = last = i;
801 if ( last == 0 && attr->a_vals != &slap_dummy_bv ) {
802 attr->a_nvals = NULL;
807 if ( last && attr->a_desc->ad_type->sat_equality &&
808 attr->a_desc->ad_type->sat_equality->smr_normalize )
810 attr->a_nvals = ch_malloc( ( last + 1 )*sizeof( struct berval ) );
811 for ( i = 0; i < last; i++ ) {
814 rc = ordered_value_normalize(
815 SLAP_MR_VALUE_OF_ATTRIBUTE_SYNTAX,
817 attr->a_desc->ad_type->sat_equality,
818 &attr->a_vals[i], &attr->a_nvals[i],
821 if ( rc != LDAP_SUCCESS ) {
822 ber_memfree( attr->a_vals[i].bv_val );
824 BER_BVZERO( &attr->a_vals[i] );
827 attr->a_vals[i] = attr->a_vals[last];
828 BER_BVZERO( &attr->a_vals[last] );
832 BER_BVZERO( &attr->a_nvals[i] );
839 attr->a_nvals = attr->a_vals;
842 attr->a_numvals = last;
844 /* Handle sorted vals, strip dups but keep the attr */
845 if ( attr->a_desc->ad_type->sat_flags & SLAP_AT_SORTED_VAL ) {
846 while ( attr->a_numvals > 1 ) {
847 int rc = slap_sort_vals( (Modifications *)attr, &text, &i, op->o_tmpmemctx );
848 if ( rc != LDAP_TYPE_OR_VALUE_EXISTS )
851 /* Strip duplicate values */
852 if ( attr->a_nvals != attr->a_vals )
853 ber_memfree( attr->a_nvals[i].bv_val );
854 ber_memfree( attr->a_vals[i].bv_val );
858 if ( (unsigned)i < attr->a_numvals ) {
859 attr->a_vals[i] = attr->a_vals[attr->a_numvals];
860 if ( attr->a_nvals != attr->a_vals )
861 attr->a_nvals[i] = attr->a_nvals[attr->a_numvals];
863 BER_BVZERO(&attr->a_vals[attr->a_numvals]);
864 if ( attr->a_nvals != attr->a_vals )
865 BER_BVZERO(&attr->a_nvals[attr->a_numvals]);
867 attr->a_flags |= SLAP_ATTR_SORTED_VALS;
871 attrp = &attr->a_next;
879 /* return 0 IFF we can retrieve the entry with ndn
886 AttributeDescription *at,
890 ldapinfo_t *li = (ldapinfo_t *) op->o_bd->be_private;
892 ldapconn_t *lc = NULL;
897 LDAPMessage *result = NULL,
899 char *attr[3], **attrp = NULL;
903 LDAPControl **ctrls = NULL;
907 /* Tell getconn this is a privileged op */
908 do_not_cache = op->o_do_not_cache;
911 op->o_do_not_cache = 1;
912 /* ldap_back_entry_get() is an entry lookup, so it does not need
913 * to know what the entry is being looked up for */
914 op->o_tag = LDAP_REQ_SEARCH;
915 rc = ldap_back_dobind( &lc, op, &rs, LDAP_BACK_DONTSEND );
916 op->o_do_not_cache = do_not_cache;
924 if ( oc && at != slap_schema.si_ad_objectClass ) {
925 attr[0] = slap_schema.si_ad_objectClass->ad_cname.bv_val;
926 attr[1] = at->ad_cname.bv_val;
930 attr[0] = at->ad_cname.bv_val;
938 filter = op->o_tmpalloc( STRLENOF( "(objectClass=" ")" )
939 + oc->soc_cname.bv_len + 1, op->o_tmpmemctx );
940 ptr = lutil_strcopy( filter, "(objectClass=" );
941 ptr = lutil_strcopy( ptr, oc->soc_cname.bv_val );
948 rc = ldap_back_controls_add( op, &rs, lc, &ctrls );
949 if ( rc != LDAP_SUCCESS ) {
954 rc = ldap_pvt_search_s( lc->lc_ld, ndn->bv_val, LDAP_SCOPE_BASE, filter,
955 attrp, LDAP_DEREF_NEVER, ctrls, NULL,
956 NULL, LDAP_NO_LIMIT, 0, &result );
957 if ( rc != LDAP_SUCCESS ) {
958 if ( rc == LDAP_SERVER_DOWN && do_retry ) {
960 if ( ldap_back_retry( &lc, op, &rs, LDAP_BACK_DONTSEND ) ) {
961 /* if the identity changed, there might be need to re-authz */
962 (void)ldap_back_controls_free( op, &rs, &ctrls );
969 e = ldap_first_entry( lc->lc_ld, result );
971 /* the entry exists, but it doesn't match the filter? */
975 *ent = entry_alloc();
976 if ( *ent == NULL ) {
981 rc = ldap_build_entry( op, e, *ent, &bdn );
983 if ( rc != LDAP_SUCCESS ) {
989 (void)ldap_back_controls_free( op, &rs, &ctrls );
992 ldap_msgfree( result );
996 op->o_tmpfree( filter, op->o_tmpmemctx );
1000 ldap_back_release_conn( li, lc );
projects / openldap / blob