I'm developing an LDAP user-authentication connector for our
application (in Java). Through testing with Apache Directory,
I know for a fact that in the LDAP directory for a search string such
as "(&(objectclass=*)(cn=<user_login>))" for a certain user,
two entries are found (identical, that is: same dn's, same attributes,
same values), whereas for other users only one entry will be recovered.
This is correct (verified with the LDAP administrator).

The login procedure for the former cases consists of performing a search
for the specified user login, and in those cases where
more than one entry is retrieved, several successive connects (with the
obtained user's DN and his passwd) should be attempted; if
the first connect attempt fails, the second DN should be attempted,

My problem is that, for the case of the 'repeated' entries,
the search performed through Novell's own API only retrieves
one, and not both, results.

The code-extracts look like this:

// Finding the user(s) for a particular login
Collection<LDAPEntry> entries = new ArrayList<LDAPEntry>();
LDAPConnection con = connect(); // Connect as LDAP administrator
String searchFilter = "(&(objectclass=*)(cn=<user_name>))";
String attrs[] = getSearchLDAPAttrs();
if (con != null) {
    try {
        // Only ever retrieves 1 result, should in some cases return 2
        // LDAPUsersOU="o=<base>", LDAPScope=2
        LDAPSearchResults searchResults = con.search(LDAPUsersOU, LDAPScope,
                searchFilter, attrs, false);
        while (searchResults.hasMore()) {
    } catch (LDAPException e) {
        log.error("Error trying to find entries for login: " + login, e);
return entries;

// Trying to obtain bound connections
Collection<LDAPEntry> userEntries = . . . //SEE ABOVE
for (Iterator<LDAPEntry> it = userEntries.iterator(); it.hasNext(); ) {
    LDAPEntry userEntry = it.next();
    String dn = userEntry.getDN();
    // Try to obtain a bound connection for this user and verify this
    // way login and password
    LDAPConnection con = connect(dn, password);
    if (con != null) {
        // If the connection is != null then it's valid (checked inside

// connect(login,passwd)
LDAPConnection con = null;
try {
    // use PoolManager
    con = pool.getBoundConnection(login,
} catch (LDAPException e) {
    log.error("Unable to connect or wrong password for user with login " + login);
} catch (Exception e) {
    log.error("Exception trying to login: ", e);
if (con != null && con.isConnected() && con.isBound()) {
    LDAPSearchConstraints sc = new LDAPSearchConstraints(new
            LDAPConstraints(LDAPConnectionValue, false, null, 0));
    if (isDebug) log.debug("Obtained shared bound connection from pool for login " + login + ".");
    return con;

I've changed the constraints from the 'normal' LDAPConstraints to
LDAPSearchConstraints in order to set the batchsize to 0, but
without changes.
If anyone has any suggestions or ideas, they'll be greatly

polymita_jan's Profile: http://forums.novell.com/member.php?userid=100920
View this thread: http://forums.novell.com/showthread.php?t=428269