[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3724) back_meta more sizelimit problems

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#3724) back_meta more sizelimit problems
From: m.d.t.evans@qmul.ac.uk
Date: Fri, 13 May 2005 16:27:42 GMT

I think the problem that I was seeing was due to bad back-meta
configuration and the fact that the filter for user1 actually matched
entries in _both_ the local server and the remote servers. But the
proxied user1 was being hidden from me by an access control list.
Changing my search filter rewrite rule in the back-meta proxied tree to
filter out the spurious, hidden, remote user1 entry solves the sizelimit
problem.

The remote server that I am using has many entries that I don't want to
return. What would be nice would be to have an rewrite action for the
searchResults context that could be used to discard entries. Is there a
way of doing this?

Thanks again for all your help with this.

Cheers,
Martin.

On Fri, 2005-05-13 at 17:58 +0200, Pierangelo Masarati wrote:
> > I've patched with this:
> > http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-
> > meta/search.c.diff?r1=1.60.2.17&r2=1.60.2.18&hideattic=1&sortbydate=1
> 
> That's correct :)
> 
> > But there is still a problem with the second example: e.g. a search for
> > 2 entries with a sizelimit of 2 gives only 1 entry with err=4.
> >
> > bash-3.00$ ldapsearch -x -LLL -z2 "(|(uid=user1)(uid=user2))"
> > dn: uid=user1,ou=people,ou=auth,ou=basedn
> > uid: user1
> > ou: Computing Services
> > objectClass: inetOrgPerson
> > sn: Evans
> > cn: MDT Evans
> > initials: MDT
> >
> > Size limit exceeded (4)
> >
> > user1 is in the local bdb database. user2 in the proxy
> >
> > Setting -z3 and above gives both entries with no error.
> 
> This is working for me, regardless of the order of the local and proxied
> database.  Can you post your slapd.conf?  I'm posting the relevant part of
> mine (follow the coments if you want to replay).
> 
> p.
> 
> # run test003; then put in slapd.conf:
> <snip>
> database        bdb
> suffix          "o=University of Michigan,c=US"
> subordinate
> directory       ./testrun/db.1.a
> rootdn          "cn=Manager,o=University of Michigan,c=US"
> rootpw          secret
> index           objectClass     eq
> index           cn,sn,uid       pres,eq,sub
> 
> database        meta
> suffix          "o=Meta,c=US"
> subordinate
> 
> uri             "ldap://:9011/o=Meta,c=US";
> suffixmassage   "o=Meta,c=US" "o=University of Michigan,c=US"
> 
> database        bdb
> suffix          "c=US"
> directory       ./testrun/db.2.a
> rootdn          "cn=Manager,c=US"
> rootpw          secret
> index           objectClass     eq
> </snip>
> 
> # then create dir "./testrun/db.2.a", run slapd, load
> 
> dn: c=US
> objectClass: country
> c: US
> 
> # into the glue database and search for "(uid=bjorn)" with -z1 and -z2;
> # you will find it once in the local and once in the proxied database.
> 
-- 
-- Dr MDT Evans, Computing Services, Queen Mary, University of London

Prev by Date: Re: (ITS#3723) test017-syncreplication-refresh - master and slave databases differ
Next by Date: Re: (ITS#3722) ber_free() mixes with Oracle-9
Index(es):
- Chronological
- Thread