[Date Prev][Date Next]
Re: (ITS#8724) slapo-pcache truncates remote results
I'll say it another way. ldapsearch is asking for 200 items at a
time. But it gets 2000 from the local slapd, when pcache is enabled.
What the local client is asking of slapd should be separate from how
it talks to the back-ldap. If the back-ldap returns more results then
the requested page size, then slapd should handle that.
On Wed, Sep 6, 2017 at 12:59 PM, Adam Heath <firstname.lastname@example.org> wrote:
> No, it's a pcache bug.
> 10.10.55.128(remote active directory) works
> localhost(without pcache) works
> localhost(with pcache) breaks.
> Paging of the results *does* work with AD. And works with back-ldap,
> pointed at AD. It's only when pcache is added that the paging options
> are ignored.
> On Wed, Sep 6, 2017 at 12:48 PM, Quanah Gibson-Mount <email@example.com> wrote:
>> --On Wednesday, September 06, 2017 6:15 PM +0000 firstname.lastname@example.org wrote:
>>> Full_Name: Adam Heath
>>> Version: 2.4.44
>>> OS: debian stretch
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (126.96.36.199)
>>> I have configured slapd to proxy to a remote server.
>>> Using ldapsearch, I can talk directly to that remote server, and using the
>>> pr=200/noprompt option, I get back 2900 results.
>>> Pointing ldapsearch at localhost, *without* pcache, I get the same set of
>>> results(pages, and the final count is correct).
>>> When I enabled slapo-pcache, with *no* attribute sets, then the paging
>>> options are removed, and I get only 2000 results(the max-size from the
>>> remote server).
>> Hi Adam,
>> slapo-pcahce is acting in the correct fashion. It would appear that your
>> remote system is Active Directory, which in typical Microsoft fashion,
>> deliberately mis-implements paged results so that it incorrectly ignores the
>> maxsize setting when paged results are in use (contrary to specifications).
>> I would generally suggest talking to the AD administrator so that the bind
>> identity of the pcache database is not subject to the maxsize limitation.
>> This ITS will be closed.
>> Quanah Gibson-Mount
>> Product Architect
>> Symas Corporation
>> Packaged, certified, and supported LDAP solutions powered by OpenLDAP: