[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8724) slapo-pcache truncates remote results

I'll say it another way.  ldapsearch is asking for 200 items at a
time.  But it gets 2000 from the local slapd, when pcache is enabled.
What the local client is asking of slapd should be separate from how
it talks to the back-ldap.  If the back-ldap returns more results then
the requested page size, then slapd should handle that.

On Wed, Sep 6, 2017 at 12:59 PM, Adam Heath <adam@brainfood.com> wrote:
> No, it's a pcache bug.
> active directory) works
> localhost(without pcache) works
> localhost(with pcache) breaks.
> Paging of the results *does* work with AD.  And works with back-ldap,
> pointed at AD.  It's only when pcache is added that the paging options
> are ignored.
> On Wed, Sep 6, 2017 at 12:48 PM, Quanah Gibson-Mount <quanah@symas.com> wrote:
>> --On Wednesday, September 06, 2017 6:15 PM +0000 adam@brainfood.com wrote:
>>> Full_Name: Adam Heath
>>> Version: 2.4.44
>>> OS: debian stretch
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (
>>> I have configured slapd to proxy to a remote server.
>>> Using ldapsearch, I can talk directly to that remote server, and using the
>>> pr=200/noprompt option, I get back 2900 results.
>>> Pointing ldapsearch at localhost, *without* pcache, I get the same set of
>>> results(pages, and the final count is correct).
>>> When I enabled slapo-pcache, with *no* attribute sets, then the paging
>>> options are removed, and I get only 2000 results(the max-size from the
>>> remote server).
>> Hi Adam,
>> slapo-pcahce is acting in the correct fashion.  It would appear that your
>> remote system is Active Directory, which in typical Microsoft fashion,
>> deliberately mis-implements paged results so that it incorrectly ignores the
>> maxsize setting when paged results are in use (contrary to specifications).
>> I would generally suggest talking to the AD administrator so that the bind
>> identity of the pcache database is not subject to the maxsize limitation.
>> This ITS will be closed.
>> Regards,
>> Quanah
>> --
>> Quanah Gibson-Mount
>> Product Architect
>> Symas Corporation
>> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
>> <http://www.symas.com>