[GH-ISSUE #1343] [BUG] Unexpected return for ldapsearch, success instead of error #471

New issue

Closed

opened 2026-02-27 08:17:27 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 08:17:27 +03:00

Owner

Originally created by @armfem on GitHub (Oct 31, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1343

Originally assigned to: @Copilot on GitHub.

Describe the bug
LLDAP does not return the expected return for an ldapsearch.
One of the bad effects of this is that ldap python's library can have unexpected behaviors. See the additional context for a concrete example.

To Reproduce
Steps to reproduce the behavior:

Run the following command:

ldapsearch -x -H ldap://localhost:3890 -s base -b uid=bsamson,ou=people,dc=example,dc=com -D uid=admin,ou=people,dc=example,dc=com -w password "(objectClass=*)"

You get the following return from lldap:

[...]
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MAUCAQAEAA==
pagedresults: cookie=

# numResponses: 1

Expected behavior
The expected behavior would be for LLDAP to return the following error:

[...]
# search result
search: 2
result: 32 No such object

# numResponses: 1

Specifically the result:32 No such object.

Additional context
For more context, I found this bug while trying to solve the following ansible issue https://github.com/ansible-collections/community.general/issues/10393

Originally created by @armfem on GitHub (Oct 31, 2025). Original GitHub issue: https://github.com/lldap/lldap/issues/1343 Originally assigned to: @Copilot on GitHub. **Describe the bug** LLDAP does not return the expected return for an ldapsearch. One of the bad effects of this is that ldap python's library can have unexpected behaviors. See the additional context for a concrete example. **To Reproduce** Steps to reproduce the behavior: 1. Run the following command: ```bash ldapsearch -x -H ldap://localhost:3890 -s base -b uid=bsamson,ou=people,dc=example,dc=com -D uid=admin,ou=people,dc=example,dc=com -w password "(objectClass=*)" ``` 2. You get the following return from lldap: ```bash [...] # search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.319 false MAUCAQAEAA== pagedresults: cookie= # numResponses: 1 ``` **Expected behavior** The expected behavior would be for LLDAP to return the following error: ```bash [...] # search result search: 2 result: 32 No such object # numResponses: 1 ``` Specifically the `result:32 No such object`. **Additional context** For more context, I found this bug while trying to solve the following ansible issue https://github.com/ansible-collections/community.general/issues/10393

kerem

2026-02-27 08:17:27 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-27 08:17:27 +03:00

Author

Owner

@nitnelave commented on GitHub (Oct 31, 2025):

That is very much me misreading the spec and not realizing that "no result" should be an error (I still find it weird, but shrug).

This needs to be fixed indeed.

@nitnelave commented on GitHub (Oct 31, 2025): That is very much me misreading the spec and not realizing that "no result" should be an error (I still find it weird, but *shrug*). This needs to be fixed indeed.

kerem commented

2026-02-27 08:17:27 +03:00

Author

Owner

@armfem commented on GitHub (Oct 31, 2025):

Glad i could help :)

I guess the error is more a security measure in case someone without enough rights is trying to poke different entries.

@armfem commented on GitHub (Oct 31, 2025): Glad i could help :) I guess the error is more a security measure in case someone without enough rights is trying to poke different entries.