Issue 7963 - Client paged results directive fails
Summary: Client paged results directive fails
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.39
Hardware: All All
: --- normal
Target Milestone: 2.5.0
Assignee: OpenLDAP project
Reported: 2014-10-09 09:51 UTC by kenel.bastoon@gmail.com
Modified: 2020-03-23 15:45 UTC

Description kenel.bastoon@gmail.com 2014-10-09 09:51:43 UTC
Full_Name: Bastien Bonnefon
Version: 2.4.39
OS: CentOS 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.2.202.93)


Hi,

I have installed openldap as meta directory to request multiple Active
Directory.
I have managed to install and make it work with dynamic configuration or
slapd.conf.
But one of the applications accessing the directory needs paged results due to
the large amount of entries returned.

So I've searched and found the directive "client-pr", which seems to have been
enabled since this case :
http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=6664;page=4

The directive is also described in the slapd-meta man page :
http://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html

However, enabling the feature in slapd.conf (I just can't in olc format) doesn't
work. Syslog shows this :
"unknown directive <client-pr> inside backend database definition"

I've started testing with CentOS 7 and package openldap 2.4.39
I've then tried with Debian Wheezy and Ubuntu 14.04 (package slapd 2.4.31)
I've also tried installing openldap from the source with the version 2.4.24
(client-pr should have been enabled in this version due to ITS#6664) => no way
:/

I think I've declared the directive as specified in the man page but maybe I
miss something. I have not found any other report on the web on how to use
"client-pr".
Thank you for your help.


Here is my slapd.conf

# Include
include     /etc/ldap/schema/core.schema
include     /etc/ldap/schema/cosine.schema
include     /etc/ldap/schema/inetorgperson.schema
include     /etc/ldap/schema/nis.schema

pidfile     /var/run/slapd/slapd.pid
argsfile    /var/run/slapd/slapd.args

# Modules
moduleload back_ldap.la
moduleload back_meta.la

# Database meta
database        meta
suffix          "dc=meta,dc=local"

rootdn "cn=Manager,dc=meta,dc=local"
rootpw secret_password1

# First directory
uri           "ldap://192.168.0.1/ou=test1,dc=meta,dc=local"
client-pr accept-unsolicited
lastmod       off
suffixmassage   "ou=test1,dc=meta,dc=local" "dc=test1,dc=local"
idassert-bind bindmethod=simple
   binddn="cn=openldap,OU=users,OU=TEST,dc=test1,dc=local"
   credentials="secret_password2"
   mode=none
   flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local"
chase-referrals no
acl-authcDN cn=openldap,OU=users,OU=TEST,dc=test1,dc=local
acl-passwd secret_password2

# Second Directory
uri "ldap://192.168.0.2/ou=test2,dc=meta,dc=local"
client-pr accept-unsolicited
lastmod       off
suffixmassage "ou=test2,dc=meta,dc=local" "dc=test2,dc=local"
idassert-bind bindmethod=simple
  binddn="cn=openldap,OU=users,OU=TEST,dc=test2,dc=local"
  credentials="secret_password3"
  mode=none
  flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local"
chase-referrals no
acl-authcDN "cn=openldap,OU=users,OU=TEST,dc=test2,dc=local"
acl-passwd secret_password3


idletimeout   1800
Comment 1 Howard Chu 2014-10-09 11:50:17 UTC
kenel.bastoon@gmail.com wrote:
> Full_Name: Bastien Bonnefon
> Version: 2.4.39
> OS: CentOS 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (194.2.202.93)
>
>
> Hi,
>
> I have installed openldap as meta directory to request multiple Active
> Directory.
> I have managed to install and make it work with dynamic configuration or
> slapd.conf.
> But one of the applications accessing the directory needs paged results due to
> the large amount of entries returned.
>
> So I've searched and found the directive "client-pr", which seems to have been
> enabled since this case :
> http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=6664;page=4
>
> The directive is also described in the slapd-meta man page :
> http://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html

Looking at the ITS history, it appears that this code was released in January 
2011 but in fact, the released code is not actually enabled. (It is behind an 
#ifdef LDAP_DEVEL mask.) Most likely a mistake was made in releasing it at 
that time, since I see no actual test feedback in the ITS.

If you want to test this you will have to compile back-meta yourself, and edit 
back-meta.h to make sure SLAPD_META_CLIENT_PR gets defined instead of being 
hidden. Please then send your test results as a followup to ITS#6664.

> However, enabling the feature in slapd.conf (I just can't in olc format) doesn't
> work. Syslog shows this :
> "unknown directive <client-pr> inside backend database definition"
>
> I've started testing with CentOS 7 and package openldap 2.4.39
> I've then tried with Debian Wheezy and Ubuntu 14.04 (package slapd 2.4.31)
> I've also tried installing openldap from the source with the version 2.4.24
> (client-pr should have been enabled in this version due to ITS#6664) => no way
> :/
>
> I think I've declared the directive as specified in the man page but maybe I
> miss something. I have not found any other report on the web on how to use
> "client-pr".
> Thank you for your help.
>
>
> Here is my slapd.conf
>
> # Include
> include     /etc/ldap/schema/core.schema
> include     /etc/ldap/schema/cosine.schema
> include     /etc/ldap/schema/inetorgperson.schema
> include     /etc/ldap/schema/nis.schema
>
> pidfile     /var/run/slapd/slapd.pid
> argsfile    /var/run/slapd/slapd.args
>
> # Modules
> moduleload back_ldap.la
> moduleload back_meta.la
>
> # Database meta
> database        meta
> suffix          "dc=meta,dc=local"
>
> rootdn "cn=Manager,dc=meta,dc=local"
> rootpw secret_password1
>
> # First directory
> uri           "ldap://192.168.0.1/ou=test1,dc=meta,dc=local"
> client-pr accept-unsolicited
> lastmod       off
> suffixmassage   "ou=test1,dc=meta,dc=local" "dc=test1,dc=local"
> idassert-bind bindmethod=simple
>     binddn="cn=openldap,OU=users,OU=TEST,dc=test1,dc=local"
>     credentials="secret_password2"
>     mode=none
>     flags=non-prescriptive
> idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local"
> chase-referrals no
> acl-authcDN cn=openldap,OU=users,OU=TEST,dc=test1,dc=local
> acl-passwd secret_password2
>
> # Second Directory
> uri "ldap://192.168.0.2/ou=test2,dc=meta,dc=local"
> client-pr accept-unsolicited
> lastmod       off
> suffixmassage "ou=test2,dc=meta,dc=local" "dc=test2,dc=local"
> idassert-bind bindmethod=simple
>    binddn="cn=openldap,OU=users,OU=TEST,dc=test2,dc=local"
>    credentials="secret_password3"
>    mode=none
>    flags=non-prescriptive
> idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local"
> chase-referrals no
> acl-authcDN "cn=openldap,OU=users,OU=TEST,dc=test2,dc=local"
> acl-passwd secret_password3
>
>
> idletimeout   1800
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
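
Added example (not part of the original report and not OpenLDAP code): a shell check that reports which preprocessor conditions enclose a macro's `#define` in a header, which is the situation Comment 1 describes for SLAPD_META_CLIENT_PR and LDAP_DEVEL. The header contents below are constructed for illustration, and the helper names `macro_guards` and `write_sample_header` are hypothetical.

```shell
#!/bin/sh
# Added example: report which preprocessor conditions guard a macro definition.

# macro_guards HEADER MACRO (hypothetical helper)
# Prints "unconditional", or the enclosing conditions joined by " && ".
macro_guards() {
    awk -v macro="$2" '
        # Normalise "#  ifdef" to "#ifdef", then split the line into fields.
        { line = $0; sub(/^[ \t]*#[ \t]*/, "#", line); split(line, f, /[ \t]+/) }
        f[1] == "#ifdef"  { stack[++depth] = f[2]; next }
        f[1] == "#ifndef" { stack[++depth] = "!" f[2]; next }
        f[1] == "#if"     { sub(/^#if[ \t]+/, "", line); stack[++depth] = "(" line ")"; next }
        f[1] == "#else"   { stack[depth] = "!(" stack[depth] ")"; next }
        f[1] == "#endif"  { if (depth > 0) depth--; next }
        # A macro defined inside its own #ifndef is an include guard: ignore it.
        f[1] == "#define" && f[2] != macro && depth > 0 && stack[depth] == ("!" f[2]) {
            stack[depth] = ""; next
        }
        f[1] == "#define" && f[2] == macro {
            out = ""
            for (i = 1; i <= depth; i++)
                if (stack[i] != "") out = out (out == "" ? "" : " && ") stack[i]
            print (out == "" ? "unconditional" : out)
        }
    ' "$1"
}

# write_sample_header PATH gated|enabled
# Writes a constructed header; it is not a copy of the real back-meta.h.
write_sample_header() {
    {
        echo '#ifndef CONSTRUCTED_BACK_META_H'
        echo '#define CONSTRUCTED_BACK_META_H'
        if [ "$2" = gated ]; then echo '#ifdef LDAP_DEVEL'; fi
        echo '#define SLAPD_META_CLIENT_PR 1'
        if [ "$2" = gated ]; then echo '#endif /* LDAP_DEVEL */'; fi
        echo '#endif'
    } > "$1"
}

hdr=$(mktemp)
write_sample_header "$hdr" gated
echo "gated header:  $(macro_guards "$hdr" SLAPD_META_CLIENT_PR)"
write_sample_header "$hdr" enabled
echo "edited header: $(macro_guards "$hdr" SLAPD_META_CLIENT_PR)"
rm -f "$hdr"
```

Run against a real source tree, the same function takes the path to the header and the macro name; any result other than "unconditional" means the feature is compiled in only when those conditions hold at build time.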

Comment 2 kenel.bastoon@gmail.com 2014-10-14 14:53:45 UTC
Thank you for your reply.

I will follow your suggestion. As my case is not urgent, I'll send comments
to ITS#6664 when I have time to test more in depth.

Regards
Comment 3 Quanah Gibson-Mount 2020-03-20 20:56:22 UTC
Actually only enabled for RE25.