[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5208) OpenLDAP w/ multiple bdb backends provides invalid paged result responses

To: openldap-its@OpenLDAP.org
Subject: (ITS#5208) OpenLDAP w/ multiple bdb backends provides invalid paged result responses
From: hume-ml@bofh.ca
Date: Tue, 30 Oct 2007 18:15:12 GMT

Full_Name: Brandon Hume
Version: 2.3.38
OS: OpenSolaris/Redhat Linux AS3
URL: 
Submission from: (NULL) (129.173.2.54)


When OpenLDAP is serving a tree split into multiple backends (for whatever
reasons someone might do so), searching with the paged result control against
the base DN and ranging across the subordinate trees causes a paged result
cursor to be provided for each backend. 

ie: With a config such as:

database        bdb
directory       /opt/csw/var/openldap/people
suffix          "ou=People,dc=example,dc=com"    
subordinate                             
rootdn          "cn=NOC,dc=example,dc=com"
                                     
database        bdb                  
directory       /opt/csw/var/openldap/default
suffix          "dc=domain,dc=com"               
rootdn          "cn=NOC,dc=domain,dc=com"
rootpw          {SSHA}[...]


A search such as the following:
    ldapsearch -h localhost -x -E pr=2 -b dc=dal,dc=ca '(objectclass=*)'

... will produce the following result/control response:

[...]
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MAkCAQAEBAIAAAA=
control: 1.2.840.113556.1.4.319 false MAkCAQAEBP////8=
Press [size] Enter for the next {2|size} entries.


This has the effect of causing the next paged result to fail, since one of the
two values is not correct and is rejected by the server.

Prev by Date: (ITS#5207) Password checking: external program
Next by Date: Re: (ITS#5199) slapd sometimes hangs with back-sql
Index(es):
- Chronological
- Thread