[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8724) slapo-pcache truncates remote results

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8724) slapo-pcache truncates remote results
From: adam@brainfood.com
Date: Wed, 06 Sep 2017 18:01:40 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

I'll say it another way.  ldapsearch is asking for 200 items at a
time.  But it gets 2000 from the local slapd, when pcache is enabled.
What the local client is asking of slapd should be separate from how
it talks to the back-ldap.  If the back-ldap returns more results then
the requested page size, then slapd should handle that.



On Wed, Sep 6, 2017 at 12:59 PM, Adam Heath <adam@brainfood.com> wrote:
> No, it's a pcache bug.
>
> 10.10.55.128(remote active directory) works
> localhost(without pcache) works
> localhost(with pcache) breaks.
>
> Paging of the results *does* work with AD.  And works with back-ldap,
> pointed at AD.  It's only when pcache is added that the paging options
> are ignored.
>
> On Wed, Sep 6, 2017 at 12:48 PM, Quanah Gibson-Mount <quanah@symas.com> wrote:
>> --On Wednesday, September 06, 2017 6:15 PM +0000 adam@brainfood.com wrote:
>>
>>> Full_Name: Adam Heath
>>> Version: 2.4.44
>>> OS: debian stretch
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (99.146.168.62)
>>>
>>>
>>> I have configured slapd to proxy to a remote server.
>>>
>>> Using ldapsearch, I can talk directly to that remote server, and using the
>>> pr=200/noprompt option, I get back 2900 results.
>>>
>>> Pointing ldapsearch at localhost, *without* pcache, I get the same set of
>>> results(pages, and the final count is correct).
>>>
>>> When I enabled slapo-pcache, with *no* attribute sets, then the paging
>>> options are removed, and I get only 2000 results(the max-size from the
>>> remote server).
>>
>>
>> Hi Adam,
>>
>> slapo-pcahce is acting in the correct fashion.  It would appear that your
>> remote system is Active Directory, which in typical Microsoft fashion,
>> deliberately mis-implements paged results so that it incorrectly ignores the
>> maxsize setting when paged results are in use (contrary to specifications).
>> I would generally suggest talking to the AD administrator so that the bind
>> identity of the pcache database is not subject to the maxsize limitation.
>>
>> This ITS will be closed.
>>
>> Regards,
>> Quanah
>>
>>
>> --
>>
>> Quanah Gibson-Mount
>> Product Architect
>> Symas Corporation
>> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
>> <http://www.symas.com>
>>

Prev by Date: Re: (ITS#8724) slapo-pcache truncates remote results
Next by Date: Re: (ITS#8719) slapd_crypt() become slow when many ldap cliant connections occur.
Index(es):
- Chronological
- Thread