[Date Prev][Date Next]
(ITS#6253) sizelimit is enforced before applying local filters with a translucent overlay
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#6253) sizelimit is enforced before applying local filters with a translucent overlay
- From: email@example.com
- Date: Thu, 13 Aug 2009 09:39:57 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Isaac Clerencia
Submission from: (NULL) (220.127.116.11)
If a 'sizelimit' is required in a query to an LDAP server that uses a
translucent overlay, and the filter has to be split between a remote filter and
a local filter, and the remote filter returns more than 'sizelimit' objects, you
will get a 'sizelimit' error even if the local filter would have filtered out
enough objects to keep the number of objects under the sizelimit.
In my case I have an LDAP holding basic posixAccount information plus a
translucent holding Samba information.
The following query:
% ldapsearch -z 1 -x -s one -b 'ou=Users,dc=hq,dc=eboxhq,dc=com' -H
only matches one object in the LDAP directory, but it will fail because the
remote LDAP will return every user and then the 'sizelimit' is immediately
enforced before applying the local (sambaSID) filter.
The result with -z 1 is:
# search result
result: 4 Size limit exceeded
# numResponses: 1
The result without the -z option is:
# bar, Users, hq.eboxhq.com
# search result
result: 0 Success
# numResponses: 2
# numEntries: 1
I think the 'sizelimit' should only be applied to the last set of results and
not to the number of results in intermediate steps.