[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5208) OpenLDAP w/ multiple bdb backends provides invalid paged result responses

Full_Name: Brandon Hume
Version: 2.3.38
OS: OpenSolaris/Redhat Linux AS3
Submission from: (NULL) (

When OpenLDAP is serving a tree split into multiple backends (for whatever
reasons someone might do so), searching with the paged result control against
the base DN and ranging across the subordinate trees causes a paged result
cursor to be provided for each backend. 

ie: With a config such as:

database        bdb
directory       /opt/csw/var/openldap/people
suffix          "ou=People,dc=example,dc=com"    
rootdn          "cn=NOC,dc=example,dc=com"
database        bdb                  
directory       /opt/csw/var/openldap/default
suffix          "dc=domain,dc=com"               
rootdn          "cn=NOC,dc=domain,dc=com"
rootpw          {SSHA}[...]

A search such as the following:
    ldapsearch -h localhost -x -E pr=2 -b dc=dal,dc=ca '(objectclass=*)'

... will produce the following result/control response:

# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MAkCAQAEBAIAAAA=
control: 1.2.840.113556.1.4.319 false MAkCAQAEBP////8=
Press [size] Enter for the next {2|size} entries.

This has the effect of causing the next paged result to fail, since one of the
two values is not correct and is rejected by the server.