Re: (ITS#8724) slapo-pcache truncates remote results

[adam@brainfood.com]

No, it's a pcache bug.

10.10.55.128(remote active directory) works
localhost(without pcache) works
localhost(with pcache) breaks.

Paging of the results *does* work with AD.  And works with back-ldap,
pointed at AD.  It's only when pcache is added that the paging options
are ignored.

On Wed, Sep 6, 2017 at 12:48 PM, Quanah Gibson-Mount <quanah@symas.com> wrote:
> --On Wednesday, September 06, 2017 6:15 PM +0000 adam@brainfood.com wrote:
>
>> Full_Name: Adam Heath
>> Version: 2.4.44
>> OS: debian stretch
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (99.146.168.62)
>>
>>
>> I have configured slapd to proxy to a remote server.
>>
>> Using ldapsearch, I can talk directly to that remote server, and using the
>> pr=200/noprompt option, I get back 2900 results.
>>
>> Pointing ldapsearch at localhost, *without* pcache, I get the same set of
>> results(pages, and the final count is correct).
>>
>> When I enabled slapo-pcache, with *no* attribute sets, then the paging
>> options are removed, and I get only 2000 results(the max-size from the
>> remote server).
>
>
> Hi Adam,
>
> slapo-pcahce is acting in the correct fashion.  It would appear that your
> remote system is Active Directory, which in typical Microsoft fashion,
> deliberately mis-implements paged results so that it incorrectly ignores the
> maxsize setting when paged results are in use (contrary to specifications).
> I would generally suggest talking to the AD administrator so that the bind
> identity of the pcache database is not subject to the maxsize limitation.
>
> This ITS will be closed.
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>