Comment 0 for bug 1023025

On precise, the slapd daemon return "error code 2 - controls require LDAPv3" to client search. I don't see any reason why this would occure, because if you run the same command few seconds later, it (may) work.

For example, using nss_ldap, when running in a loop "id pierref", you may sometime have fewer group that you would normally have. And few seconds later, everything go back to normal.

We also have this issue with some other tools, like Confluence (Atlassian's wiki) and also a internal tools developped in Python.

On client side (confluence), we have "javax.naming.CommunicationException: [LDAP: error code 2 - controls require LDAPv3];"

On server side, we found the same "controls require LDAPv3" returned with get_ctrl function. I attached log extract of slapd server at loglevel any. On log I keep one successfull search done by confluence and one failed search.

Note: on server log - if I understand log correctly - the client bind with version 3 of protocol... while error complain about not behind version 3...

Version:

* server : Ubuntu precise 3.2.0-26-generic x86_64, slapd 2.4.28-1.1ubuntu4
* client 1 : Ubuntu lucid 2.6.32-41-server x86_64, libnss-ldap 264-2ubuntu2, ldap-utils 2.4.21-0ubuntu5.7
* client 2 : Ubuntu precise 3.2.0-26-virtual x86_64, libnss-ldap 264-2.2ubuntu2, ldap-utils 2.4.28-1.1ubuntu4

Their is two LDAP server (replication), I attached configuration of both.

I also attached a "test_nss.sh" which show this bug on client side.