[Date Prev][Date Next]
(ITS#7008) paged results against ldap-proxy errors with 'cookie is invalid'
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7008) paged results against ldap-proxy errors with 'cookie is invalid'
- From: firstname.lastname@example.org
- Date: Mon, 1 Aug 2011 21:29:15 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Bill MacAllister
OS: Debian 6
Submission from: (NULL) (18.104.22.168)
We typically setup local proxy servers to support applications that cannot
support a GSSAPI bind to the directory server. The proxy server allows
anonymous access to the directory for connections from the localhost and
connects to the master using GSSAPI. We are experiencing a failures when
we attempt to use the paged results control on the proxy. For example:
ldapsearch -E pr=1000/noprompt -x -b "cn=people,dc=stanford,dc=edu" -h localhost
"(&(objectClass=suPerson)(suVisibIdentity=world))" ou telephonenumber title
ends with the error:
# search result
result: 0 Success
control: 1.2.840.113522.214.171.1249 false MA0CAQAECCiDAAAAAAAA
# extended LDIF
# base <cn=people,dc=stanford,dc=edu> with scope subtree
# filter: (&(objectClass=suPerson)(suVisibIdentity=world))
# requesting: ou telephonenumber title
# with pagedResults control: size=1000
# search result
result: 2 Protocol error
text: paged results cookie is invalid
# numResponses: 4005
# numEntries: 4000
This result is not consistent. We have seen examples where 2000 and 3000
entries being returned and then the error. Another test that we performed with
a slightly more complex filter, i.e.
returned usually returned 1000 entries before erroring.
Issuing a similar search directly against the backend ldap server completes
We have seen the same behavior on OpenLDAP 2.4.23 as well.
Logs generated running slapd standalone with '-d stats,packets' are available at