Ldap Search - Operations error.


Jagadishwer

Hi Friends,
I am having some problems with the search operation using LDAP.
From my box, which is not in an Active Directory domain, I am trying to
connect to Active Directory using the LDAP API.
Here is the code. The same code works sometimes and gives
Operations error at other times.


// Requires <windows.h>, <winldap.h> and <stdio.h>.
// Server, domainname and passwd are set elsewhere by the caller.
int version1 = LDAP_VERSION3;
ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version1);
LDAP* pLdapConnection = NULL;
pLdapConnection = ldap_open(Server, LDAP_PORT); // this succeeded
if (pLdapConnection == NULL)
{
    // No connection handle exists at this point, so there is nothing to unbind.
    printf("ldap_open failed with 0x%x.\n", LdapGetLastError());
    return -1;
}
else
    printf("ldap_open succeeded \n");

ULONG numReturns = 10;
ULONG lRtn = 0;
PCHAR pMyDN = "DC=netkey,DC=com";
// Simple bind with the caller's name and password.
lRtn = ldap_simple_bind_s(pLdapConnection, domainname, passwd);
if (lRtn == LDAP_SUCCESS)
    printf("ldap_bind_s succeeded \n");
else
{
    printf("LDAP Error Msg : %s\n", ldap_err2string(lRtn));
    ldap_unbind(pLdapConnection);
    return -1;
}
ULONG errorCode = LDAP_SUCCESS;
LDAPMessage* pSearchResult;
char pMyFilter[256] = "(cn1=jhalovatch)";

// Subtree search under the domain root, returning all attributes.
errorCode = ldap_search_s(
    pLdapConnection, "DC=netkey,DC=com", LDAP_SCOPE_SUBTREE, pMyFilter,
    NULL, 0, &pSearchResult);

errorCode is returning 1, which is Operations Error. This is not
happening always. The same code gives me the details of the user and
again after some time gives error 1, which is Operations error.
Please someone tell me what I am doing wrong.
I am using ldap_open and not ldap_init. Does this matter?
I am new to this LDAP programming. Please someone help me.
Thanks in advance for the help.
Thanks,
Jagadish.
 

Dmitri Gavrilov [MSFT]

Most likely, your error is caused by bad attribute referenced in the filter.
You probably meant (cn=jhalowatch), not (cn1=jhalowatch), right?

To be sure, get server error string with
ldap_get_opt(LDAP_OPT_SERVER_ERROR). It contains more info.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
 

Jagadishwer

I am sorry for the wrong information. It is (cn=jhalowatch), not (cn1=jhalowatch).
That was a typing mistake.
Sorry.

Jagadishwer

Hi Dmitri Gavrilov,
I am sorry for the wrong information. It is cn= not cn1= . It
was a typing mistake.
Thanks for your suggestion. Now when I use
ldap_get_opt(LDAP_OPT_SERVER_ERROR) I am getting an error message
"LdapError: DSID-0C0905FF, comment: In order to perform this operation
a successful bind must be completed on the connection. , data 0,
vece".
I am calling ldap_search_s only if my binding is successful.
I am calling ldap_open and ldap_simple_bind_s before calling
ldap_search_s.
Please tell me where I am going wrong.
Thanks for your help.
Jagadish.

Jason Robarts [MSFT]

Dmitri, please excuse me for jumping in. Please continue participating on
the thread.

This could be a side effect of the simple bind request. If you pass in a
blank password to the simple bind and the password for the user is not blank
you will be given anonymous credentials instead of being returned an invalid
credentials error message. In other words the ldap_simple_bind() call will
succeed when you call it with a blank password whether the password is
correct or not. This is based on a statement in one of the IETF RFCs for
the LDAP protocol. Anonymous operations by default are not allowed in
Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;326690
I can't remember if the same behavior applies over an SSL connection. This is one
possible reason for what you are seeing but not the only one.

Simple binds are not recommended over a non-SSL connection. Simple binds
allow the password to be exposed in clear text to anyone using a password
sniffer. I highly recommend you change the code to use ldap_bind_s
specifying a SASL mechanism such as LDAP_AUTH_NEGOTIATE.

Jason
--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm



Dmitri Gavrilov [MSFT]

AD does not think you have successfully authenticated, as the error indicates.

I suspect you do a simple bind with an empty pwd. Such binds never fail.
Here's from a recent thread on
microsoft.public.windows.server.active_directory:
This is a "feature". Whenever you bind with a blank pwd (simple bind that
is, when we actually see the pwd), we treat it as an "unbind" or "become
anonymous" request. Thus, a simple bind with an empty pwd never fails. It is
a feature.

Unfortunately, it's hard to predict what actually happens. If the user
actually had blank pwd, then we will authenticate as this user. If the user
had a non-blank pwd, then we succeed the bind, but become anonymous, i.e.
the state that you are in after you connect but before bind.




--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


Dmitri Gavrilov [MSFT]

Sorry for the delay -- my newsreader just picked this up.

Obviously, your bind did not succeed. You have to make sure it does succeed.
Also note, ldap_simple_bind_s with empty password never fails, even if you
fail to authenticate. It is treated as "become unauthenticated" request, and
always succeeds. I bet this is what you are encountering. You should avoid
simple bind (which sends the password across the wire in clear text), and
start using secure binds (ldap_bind_s).

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
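
The check the replies above point to, as an added example that is not part of the original thread: classify the credentials before binding so an empty password is rejected locally, then bind with LDAP_AUTH_NEGOTIATE instead of a simple bind. The names classify_simple_bind and checked_negotiate_bind are hypothetical; the WinLDAP part compiles only on Windows and links against wldap32.lib.

```c
/* Added example, not code from the thread. */
#include <stddef.h>
#include <string.h>

/* What a simple bind with these inputs amounts to (RFC 4513, section 5.1). */
typedef enum {
    BIND_ANONYMOUS,       /* no name, no password */
    BIND_UNAUTHENTICATED, /* name but empty password: the bind call reports
                             success, yet the connection stays anonymous */
    BIND_AUTHENTICATED,   /* name and non-empty password */
    BIND_MALFORMED        /* password without a name */
} bind_kind;

bind_kind classify_simple_bind(const char *name, const char *password)
{
    int has_name = name != NULL && name[0] != '\0';
    int has_pw = password != NULL && password[0] != '\0';

    if (has_name && has_pw) return BIND_AUTHENTICATED;
    if (has_name) return BIND_UNAUTHENTICATED;
    if (has_pw) return BIND_MALFORMED;
    return BIND_ANONYMOUS;
}

#ifdef _WIN32 /* WinLDAP part: build on Windows, link with wldap32.lib */
#include <windows.h>
#include <rpc.h>      /* SEC_WINNT_AUTH_IDENTITY_A */
#include <winldap.h>

/* Hypothetical helper: refuse empty credentials locally, then bind with
   LDAP_AUTH_NEGOTIATE so the password is not sent in clear text. */
ULONG checked_negotiate_bind(LDAP *ld, char *user, char *domain, char *password)
{
    SEC_WINNT_AUTH_IDENTITY_A id;

    if (classify_simple_bind(user, password) != BIND_AUTHENTICATED)
        return LDAP_INVALID_CREDENTIALS; /* the request never reaches the server */

    memset(&id, 0, sizeof id);
    id.User = (unsigned char *)user;
    id.UserLength = (unsigned long)strlen(user);
    id.Domain = (unsigned char *)domain;
    id.DomainLength = domain ? (unsigned long)strlen(domain) : 0;
    id.Password = (unsigned char *)password;
    id.PasswordLength = (unsigned long)strlen(password);
    id.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;

    /* With LDAP_AUTH_NEGOTIATE the dn argument is NULL and cred is the identity. */
    return ldap_bind_sA(ld, NULL, (PCHAR)&id, LDAP_AUTH_NEGOTIATE);
}
#endif
```

A caller that gets LDAP_INVALID_CREDENTIALS back from this helper should treat the login as failed and not issue ldap_search_s on the connection.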


khadidiatou diene

Jagadishwer (e-mail address removed), I would really like to get in contact with you, if only
to get to know you and form a friendship with you.
 
