[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-sql sqlquery

From what I'm experiencing, when I include objectClass in my search filter, generated SQL query seems to be evil. Even if I search for
a structural objectclass (for instance inetOrgPerson), it (inner) joins
LDAP_ENTRIES with LDAP_ENTRY_OBJCLASSES, what brings me no rows.

I've tried redefine LDAP_ENTRY_OBJCLASSES as a view that lists
both auxiliary and structural classes. Ok... that gave me searched entries, but due that evil " OR " it also cross-joined every ldap_entries.id with every keyval. So if I had 3 correct entries, ldapsearch gave me 3 * 3 = 9 entries !

I've tried replace "OR" by a some kind of UNION in source code,
but I gave up ...

After I discovered, that if I have LDAP_ENTRY_OBJCLASSES just as
stated in man page, join works well, since that table has at least
one single row - even if that row does not satisfy join condition.

I'm still testing, but for while "OR" seems to be breaking
other queries. For instance, with a filter like (&(cn="xxx")(objectClass="inetOrgPerson"),
just cn="xxx" would pick few rows from database, but all rows
get loaded.

Thomas Hoth escreveu:
On Wed, Oct 19, 2005 at 10:14:55AM +0200, Pierangelo Masarati wrote:


Why do back-sql querys like
(2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND
ldap_entry_objclasses.oc_name='" /* '))

For what is the 2=2 ? This makes my query very slow.

The "2=2" is a placeholder for "TRUE". Different numbers indicate different places in the code where the replacement took place. I'd be much more worried about the "ldap_entry_objclasses.oc_name='" /* '" which clearly indicates an error in the code, or some abnormal behavior at least. Unfortunately you don't provide enough info to track where it might have happened.

I think the "ldap_entry_objclasses.oc_name='" /* '" ist not a bug. It
will fill out at the runtime the full query is:

SELECT DISTINCT ldap_entries.id,groups.id,text('posixGroup') AS
objectClass,ldap_entries.dn AS dn FROM ldap_entries,groups,ldap_entry_objclasses,posix_account,groups_users
WHERE groups.id=ldap_entries.keyval AND ldap_entries.oc_map_id=4 AND 9=9 AND groups_users.memberuid=posix_account.uidnumber AND
groups_users.gidnumber=groups.gidnumber AND ((2=2 OR (ldap_entries.id=ldap_entry_objclasses.entry_id AND
ldap_entry_objclasses.oc_name='posixGroup')) AN ((posix_account.uid='lml34') OR 7=7));

It's from line 738 in servers/slapd/back-sql/search.c

Iam not an SQL-geek but what ist the sense to ask "true OR query" ?


Marcio Scheibler
UFSM - CPD - Divisao de Suporte