summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilip Hazel <ph10@hermes.cam.ac.uk>2006-07-17 09:18:09 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2006-07-17 09:18:09 +0000
commit6ec97b1bb5ba11ef3febc5ba8f9bcb4365984189 (patch)
tree14b87dbdf47a0cdfd76dae9b5b7b8f4aa783159f
parent034d99ab7d8d4bf671671e583c32cf7dd322c1c2 (diff)
Alain Williams' patch for disabling LDAP referrals when requested.
-rw-r--r--doc/doc-txt/ChangeLog5
-rw-r--r--doc/doc-txt/NewStuff6
-rw-r--r--src/ACKNOWLEDGMENTS5
-rw-r--r--src/src/lookups/ldap.c48
-rw-r--r--test/scripts/9000-LDAP/90005
-rw-r--r--test/stderr/900059
-rw-r--r--test/stdout/90004
7 files changed, 108 insertions, 24 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index d3535f719..4a1306d20 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.378 2006/07/14 14:42:57 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.379 2006/07/17 09:18:09 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -118,6 +118,9 @@ PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and
output them only if debugging. By default they are written stderr,
apparently, which is not desirable.
+PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on
+ queries.
+
Exim version 4.62
-----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 1ec1bdd2c..35d3bde30 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.105 2006/07/13 13:53:32 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.106 2006/07/17 09:18:09 ph10 Exp $
New Features in Exim
--------------------
@@ -44,6 +44,10 @@ Version 4.63
smtp_error_code option false. In this case, any SMTP code is quietly
ignored.
+4. There is a new parameter for LDAP lookups called "referrals", which takes
+ one of the settings "follow" (the default) or "nofollow". The latter stops
+ the LDAP library from trying to follow referrals issued by the LDAP server.
+
Version 4.62
------------
diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS
index 7d73b0d1b..ae04331dd 100644
--- a/src/ACKNOWLEDGMENTS
+++ b/src/ACKNOWLEDGMENTS
@@ -1,4 +1,4 @@
-$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.52 2006/07/06 14:28:03 ph10 Exp $
+$Cambridge: exim/src/ACKNOWLEDGMENTS,v 1.53 2006/07/17 09:18:09 ph10 Exp $
EXIM ACKNOWLEDGEMENTS
@@ -20,7 +20,7 @@ relatively small patches.
Philip Hazel
Lists created: 20 November 2002
-Last updated: 06 July 2006
+Last updated: 17 July 2006
THE OLD LIST
@@ -253,6 +253,7 @@ Joachim Wieland Patches for PostgreSQL socket support and other
Patch for hosts_avoid_esmtp
Stephen Wilcox Patch for ignore_enotdir problem
Alain Williams Suggested patch for exicyclog options
+ PATCH for LDAP referrals option
David Woodhouse SQLite support proof of concept code
control=freeze/no_tell basic code
Erik ? patch to use select() instead of poll() on OS X
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 26fdb2ffc..55761977c 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/lookups/ldap.c,v 1.11 2006/06/27 13:39:01 ph10 Exp $ */
+/* $Cambridge: exim/src/src/lookups/ldap.c,v 1.12 2006/07/17 09:18:09 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -137,6 +137,7 @@ Arguments:
tcplimit max time for network activity, e.g. connect, or 0 for OS default
deference the dereference option, which is one of
LDAP_DEREF_{NEVER,SEARCHING,FINDING,ALWAYS}
+ referrals the referral option, which is LDAP_OPT_ON or LDAP_OPT_OFF
Returns: OK or FAIL or DEFER
FAIL is given only if a lookup was performed successfully, but
@@ -146,7 +147,7 @@ Returns: OK or FAIL or DEFER
static int
perform_ldap_search(uschar *ldap_url, uschar *server, int s_port, int search_type,
uschar **res, uschar **errmsg, BOOL *defer_break, uschar *user, uschar *password,
- int sizelimit, int timelimit, int tcplimit, int dereference)
+ int sizelimit, int timelimit, int tcplimit, int dereference, void *referrals)
{
LDAPURLDesc *ludp = NULL;
LDAPMessage *result = NULL;
@@ -556,6 +557,14 @@ an LDAP library without LDAP_OPT_DEREF. */
ldap_set_option(lcp->ld, LDAP_OPT_DEREF, (void *)&dereference);
#endif
+/* Similarly for the referral setting; should the library follow referrals that
+the LDAP server returns? The conditional is just in case someone uses a library
+without it. */
+
+#if defined(LDAP_OPT_REFERRALS)
+ldap_set_option(lcp->ld, LDAP_OPT_REFERRALS, referrals);
+#endif
+
/* Start the search on the server. */
DEBUG(D_lookup) debug_printf("Start search\n");
@@ -977,8 +986,9 @@ BOOL defer_break = FALSE;
int timelimit = LDAP_NO_LIMIT;
int sizelimit = LDAP_NO_LIMIT;
int tcplimit = 0;
-int dereference = LDAP_DEREF_NEVER;
int sep = 0;
+int dereference = LDAP_DEREF_NEVER;
+void* referrals = LDAP_OPT_ON;
uschar *url = ldap_url;
uschar *p;
uschar *user = NULL;
@@ -1032,7 +1042,29 @@ while (strncmpic(url, US"ldap", 4) != 0)
DEBUG(D_lookup) debug_printf("%s\n", *errmsg);
return DEFER;
}
+ #endif
+ #ifdef LDAP_OPT_REFERRALS
+ else if (strncmpic(name, US"REFERRALS=", namelen) == 0)
+ {
+ if (strcmpic(value, US"follow") == 0) referrals = LDAP_OPT_ON;
+ else if (strcmpic(value, US"nofollow") == 0) referrals = LDAP_OPT_OFF;
+ else
+ {
+ *errmsg = string_sprintf("LDAP option REFERRALS is not \"follow\" "
+ "or \"nofollow\"");
+ DEBUG(D_lookup) debug_printf("%s\n", *errmsg);
+ return DEFER;
+ }
+ }
+ #else
+ else if (strncmpic(name, US"REFERRALS=", namelen) == 0)
+ {
+ *errmsg = string_sprintf("LDAP_OP_REFERRALS not defined in this LDAP "
+ "library - cannot use \"referrals\"");
+ DEBUG(D_lookup) debug_printf("%s\n", *errmsg);
+ return DEFER;
+ }
#endif
else
@@ -1081,8 +1113,8 @@ if (user != NULL)
DEBUG(D_lookup)
debug_printf("LDAP parameters: user=%s pass=%s size=%d time=%d connect=%d "
- "dereference=%d\n", user, password, sizelimit, timelimit, tcplimit,
- dereference);
+ "dereference=%d referrals=%s\n", user, password, sizelimit, timelimit,
+ tcplimit, dereference, (referrals == LDAP_OPT_ON)? "on" : "off");
/* If the request is just to check authentication, some credentials must
be given. The password must not be empty because LDAP binds with an empty
@@ -1119,7 +1151,8 @@ if (Ustrncmp(p, "://", 3) != 0)
if (eldap_default_servers == NULL || p[3] != '/')
{
return perform_ldap_search(url, NULL, 0, search_type, res, errmsg,
- &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference);
+ &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
+ referrals);
}
/* Loop through the default servers until OK or FAIL */
@@ -1136,7 +1169,8 @@ while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL
port = Uatoi(colon+1);
}
rc = perform_ldap_search(url, server, port, search_type, res, errmsg,
- &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference);
+ &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
+ referrals);
if (rc != DEFER || defer_break) return rc;
}
diff --git a/test/scripts/9000-LDAP/9000 b/test/scripts/9000-LDAP/9000
index 0924b79a5..2bfedbf00 100644
--- a/test/scripts/9000-LDAP/9000
+++ b/test/scripts/9000-LDAP/9000
@@ -173,3 +173,8 @@ exim -be
Expect ldap_search to fail
${lookup ldap {ldap:///o=top?mailRoutingAddress,mailHost,objectClass?sub?(&(mailLocalAddress=3-1546081-domain.net?wendling@stderr.efficientimpacte.com)(objectClass=inetLocalMailRecipient))}{$value}fail}
****
+exim -d -be
+Expect "Hazel" - checking referrals syntax
+\${lookup ldap {time=1 referrals=nofollow ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)}{\$value}fail}
+${lookup ldap {time=1 referrals=nofollow ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)}{$value}fail}
+****
diff --git a/test/stderr/9000 b/test/stderr/9000
index 346684915..17fbb4254 100644
--- a/test/stderr/9000
+++ b/test/stderr/9000
@@ -28,7 +28,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=NULL port=389
ldap_initialize with URL ldap://:389/
@@ -52,7 +52,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=/tmp/ldap.sock port=0
ldap_initialize with URL ldapi://%2Ftmp%2Fldap.sock
@@ -84,7 +84,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldap://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldap://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldap://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=/tmp/ldap.sock port=389
re-using cached connection to LDAP server /tmp/ldap.sock
@@ -105,7 +105,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldaps://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldaps://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldaps://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=/tmp/ldap.sock port=636
re-using cached connection to LDAP server /tmp/ldap.sock
@@ -126,7 +126,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="user="cn=manager,o=University of Cambridge,c=UK" pass=secret ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for user="cn=manager,o=University of Cambridge,c=UK" pass=secret ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=cn=manager,o=University of Cambridge,c=UK pass=secret size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=cn=manager,o=University of Cambridge,c=UK pass=secret size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=127.0.0.1 port=636
ldap_initialize with URL ldaps://127.0.0.1:636/
@@ -150,7 +150,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="user="cn=manager,o=University of Cambridge,c=UK" pass="secret" ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for user="cn=manager,o=University of Cambridge,c=UK" pass="secret" ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=cn=manager,o=University of Cambridge,c=UK pass=secret size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=cn=manager,o=University of Cambridge,c=UK pass=secret size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=127.0.0.1 port=636
re-using cached connection to LDAP server 127.0.0.1:636
@@ -178,7 +178,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=127.0.0.1 port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=127.0.0.1 port=0
ldap_initialize with URL ldap://127.0.0.1:389/
@@ -202,7 +202,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=/tmp/ldap.sock port=0
ldap_initialize with URL ldapi://%2Ftmp%2Fldap.sock
@@ -231,7 +231,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=/tmp/ldap.sock port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=/tmp/ldap.sock port=0
ldap_initialize with URL ldapi://%2Ftmp%2Fldap.sock
@@ -254,7 +254,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldapi://%2Ftmp%2Fldap.sock/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=/tmp/ldap.sock port=0
re-using cached connection to LDAP server /tmp/ldap.sock
@@ -275,7 +275,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="dereference=always ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for dereference=always ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=3
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=3 referrals=on
perform_ldap_search: ldap URL = "ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=/tmp/ldap.sock port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=/tmp/ldap.sock port=0
re-using cached connection to LDAP server /tmp/ldap.sock
@@ -296,7 +296,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="ldapi://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for ldapi://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=NULL pass=NULL size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldapi://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=127.0.0.1 port=0
ldapi requires an absolute path ("127.0.0.1" given)
@@ -309,7 +309,7 @@ LRU list:
internal_search_find: file="NULL"
type=ldap key="user="cn=manager,o=University of Cambridge,c=UK" pass="se\"cret" ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
database lookup required for user="cn=manager,o=University of Cambridge,c=UK" pass="se\"cret" ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
-LDAP parameters: user=cn=manager,o=University of Cambridge,c=UK pass=se"cret size=sss time=0 connect=0 dereference=0
+LDAP parameters: user=cn=manager,o=University of Cambridge,c=UK pass=se"cret size=sss time=0 connect=0 dereference=0 referrals=on
perform_ldap_search: ldap URL = "ldaps://127.0.0.1/o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=0 tcplimit=0
after ldap_url_parse: host=127.0.0.1 port=636
ldap_initialize with URL ldaps://127.0.0.1:636/
@@ -322,3 +322,36 @@ search_tidyup called
unbind LDAP connection to 127.0.0.1:636
unbind LDAP connection to /tmp/ldap.sock:389
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+changed uid/gid: -C, -D, -be or -bf forces real uid
+ uid=CALLER_UID gid=CALLER_GID pid=pppp
+configuration file is TESTSUITE/test-config
+admin user
+originator: uid=CALLER_UID gid=CALLER_GID login=CALLER name=CALLER_NAME
+sender address = CALLER@myhost.test.ex
+search_open: ldap "NULL"
+search_find: file="NULL"
+ key="time=1 referrals=nofollow ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" partial=-1 affix=NULL starflags=0
+LRU list:
+internal_search_find: file="NULL"
+ type=ldap key="time=1 referrals=nofollow ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)"
+database lookup required for time=1 referrals=nofollow ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)
+LDAP parameters: user=NULL pass=NULL size=sss time=1 connect=0 dereference=0 referrals=off
+perform_ldap_search: ldap URL = "ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)" server=NULL port=0 sizelimit=0 timelimit=1 tcplimit=0
+after ldap_url_parse: host=NULL port=389
+ldap_initialize with URL ldap://:389/
+initialized for LDAP (v3) server NULL:389
+LDAP_OPT_X_TLS_TRY set
+binding with user=NULL password=NULL
+Start search
+ldap_result loop
+LDAP entry loop
+LDAP attr loop sn:Hazel
+search ended by ldap_result yielding 101
+ldap_parse_result: 0
+ldap_parse_result yielded 0: Success
+LDAP search: returning: Hazel
+lookup yielded: Hazel
+search_tidyup called
+unbind LDAP connection to NULL:389
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
diff --git a/test/stdout/9000 b/test/stdout/9000
index cfd0c2102..b492cddbf 100644
--- a/test/stdout/9000
+++ b/test/stdout/9000
@@ -177,3 +177,7 @@ cn="P Hazel, Phil Hazel" sn="Hazel" objectClass="person"
> Expect ldap_search to fail
> Failed: lookup of "ldap:///o=top?mailRoutingAddress,mailHost,objectClass?sub?(&(mailLocalAddress=3-1546081-domain.net?wendling@stderr.efficientimpacte.com)(objectClass=inetLocalMailRecipient))" gave DEFER: ldap_search failed: -7, Bad search filter
>
+> Expect "Hazel" - checking referrals syntax
+> ${lookup ldap {time=1 referrals=nofollow ldap:///o=University%20of%20Cambridge,c=UK?sn?sub?(cn=Philip%20Hazel)}{$value}fail}
+> Hazel
+>