mod_ldap: Fix unexpected return codes from LDAP lib being coerced

into LDAP_NO_SUCH_ATTRIBUTE + some new tracing.

     trunk patch: http://svn.apache.org/r1687980
                  http://svn.apache.org/r1689694
                  http://svn.apache.org/r1689698
Backports: 1687980, 1689694, 1689698
Submitted by: covener
Reviewied by: covener, wrowe, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1690114 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 63f64e8178f72e83f52533ac95cc66365cc8ab6a..62a4702f16c6e9ad371ddf5b91c5fd5a276afef0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,9 @@ Changes with Apache 2.4.16
   *) core: Avoid a possible truncation of the faulty header included in the
      HTML response when LimitRequestFieldSize is reached.  [Yann Ylavic]
 
+  *) mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead
+     of an error during a compare operation. [Eric Covener]
+
 Changes with Apache 2.4.15
 
   *) mod_ext_filter, mod_charset_lite: Avoid inadvertent filtering of protocol

diff --git a/STATUS b/STATUS
index 3d558d0e46c6e872b6ffe1e0230cd24d6afee6d1..c387ac65b8188a80370ca5a8e0f1442dd6f89f14 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -108,14 +108,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_ldap: Fix unexpected return codes from LDAP lib being coerced
-     into LDAP_NO_SUCH_ATTRIBUTE + some new tracing.
-
-     trunk patch: http://svn.apache.org/r1687980
-                  http://svn.apache.org/r1689694
-                  http://svn.apache.org/r1689698
-     2.4.x patch:  http://people.apache.org/~covener/patches/httpd-2.4.x-ldap-retcode.diff
-     +1: covener, wrowe, ylavic
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index d9359b2ffa4711aa2d429f4c45ecc28fec8d48eb..156e131d2cde5f575e9ba5edf55c470d55592689 100644 (file)
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -1096,13 +1096,19 @@ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc,
                     ldc->reason = "Comparison no such attribute (cached)";
                 }
                 else {
-                    ldc->reason = "Comparison undefined (cached)";
+                    ldc->reason = apr_psprintf(r->pool, 
+                                              "Comparison undefined: (%d): %s (adding to cache)", 
+                                              result, ldap_err2string(result));
                 }
 
                 /* record the result code to return with the reason... */
                 result = compare_nodep->result;
                 /* and unlock this read lock */
                 LDAP_CACHE_UNLOCK();
+
+                ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, 
+                              "ldap_compare_s(%pp, %s, %s, %s) = %s (cached)", 
+                              ldc->ldap, dn, attrib, value, ldap_err2string(result));
                 return result;
             }
         }
@@ -1186,19 +1192,26 @@ start_over:
             }
             LDAP_CACHE_UNLOCK();
         }
+
         if (LDAP_COMPARE_TRUE == result) {
             ldc->reason = "Comparison true (adding to cache)";
-            return LDAP_COMPARE_TRUE;
         }
         else if (LDAP_COMPARE_FALSE == result) {
             ldc->reason = "Comparison false (adding to cache)";
-            return LDAP_COMPARE_FALSE;
         }
-        else {
+        else if (LDAP_NO_SUCH_ATTRIBUTE == result) {
             ldc->reason = "Comparison no such attribute (adding to cache)";
-            return LDAP_NO_SUCH_ATTRIBUTE;
+        }
+        else {
+            ldc->reason = apr_psprintf(r->pool, 
+                                       "Comparison undefined: (%d): %s (adding to cache)", 
+                                        result, ldap_err2string(result));
         }
     }
+
+    ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, 
+                  "ldap_compare_s(%pp, %s, %s, %s) = %s", 
+                  ldc->ldap, dn, attrib, value, ldap_err2string(result));
     return result;
 }