At 02:09 PM 10/7/2005, Howard Chu wrote:
>Kurt D. Zeilenga wrote:
>>At 11:06 AM 10/7/2005, Howard Chu wrote:
>>
>>>On the other hand, when exactly is it possible for a single request to have
>>>more than one result message?
>>>
>>
>>In LDAP, there can be many intermediate responses (as in a search
>>entries, search references, and extended intermediate responses)
>>to a single request, but only one of those responses contains
>>the final result (as in searchResultDone).
>>
>
>Yes, but none of those (search entry, search reference, or intermediate)
>responses are *Result* messages.
LDAP, at times, refers to any response as a result message:
SearchResultEntry
SearchResultReference
SearchResultDone
>Notice in libldap/error.c that it explicitly excludes those three response
>types when looking for Result messages. Since in fact the protocol only allows
>*one* Result message per Request, and every new Request gets its own msgID and
>its own place in the request queue, I conclude that
>LDAP_MORE_RESULTS_TO_RETURN is an impossible condition.
A message chain can old responses from multiple requests...
>>
>>>Googling for LDAP_MORE_RESULTS_TO_RETURN shows that at least Sun/Netscape
>>>think this can only happen as the result of a SASL Bind request.
>>>But there's nothing in the protocol spec (or LDAPbis drafts) that mentions
>>>this.
>>>
>>
>>LDAP_MORE_RESULTS_TO_RETURN is an API error, not a protocol result
>>code, and hence not discussed in protocol specifications.
>>
>
>I hoped some rationale would be in some IETF document somewhere. The note in
>the expired C API draft says it was added for LDAPv3 support.
That comment only means its a post-RFC 1823 addition.
>>>It appears that this error code has no real application, and "Find the next
>>>result..." is wasted effort. What's really going on here?
>>>
>>
>>The API error is used in two places in libldap. One
>>in returning a SASL_CONTINUE condition and in
>>ldap_parse_result() to indicate if more results are
>>in the chain.
>>
>
>Yes, in libldap/cyrus.c the sasl_err2ldap() function maps SASL_CONTINUE to
>LDAP_MORE_RESULTS_TO_RETURN. But if you check all (4) of the places where
>sasl_err2ldap() is called, you'll see that it is impossible for SASL_CONTINUE
>to ever be input to this function. So again, that's a red herring.
Correct. Only the latter use is relevant.
>And in ldap_parse_result in libldap/error.c, as I've already pointed out, we
>queue responses with their originating requests. Any LDAP Request can only
>have one Result message, regardless of how many intermediate messages may be
>included. So it appears that all accomodation for this
>LDAP_MORE_RESULTS_TO_RETURN error code is just excess baggage.
The only thing I can think it exists for handling of
message chains containing responses in reply to
multiple requests.
>--
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> OpenLDAP Core Team http://www.openldap.org/project/
