If unindexed searches are activated:
[root@host rmazgon]# ldapsearch -LLL -x -D "cn=Directory Manager" -b cn=config -W -h ldap-server -b "cn=UserRoot,cn=ldbm database,cn=plugins,cn=config" -s base "(objectclass=*)" nsslapd-require-index Enter LDAP Password: dn: cn=userRoot,cn=ldbm database,cn=plugins,cn=config nsslapd-require-index: on
The Directory Manager must override any type of filter, but it does not it:
[root@host rmazgon]# ldapsearch -v -x -D "cn=Directory Manager" -b c=es -W -h ldap-server "(uid=)" dn ldap_initialize( ldap://ldap-server ) Enter LDAP Password: filter: (uid=) requesting: dn
search: 2 result: 53 Server is unwilling to perform text: Search is not indexed
[root@host rmazgon]#
It can be shown at server access log:
... [03/Mar/2014:13:25:08 +0000] conn=54137 fd=219 slot=219 connection from 10.140.141.70 to 10.141.197.211 [03/Mar/2014:13:25:08 +0000] conn=54137 op=0 BIND dn="cn=Directory Manager" method=128 version=3 [03/Mar/2014:13:25:08 +0000] conn=54137 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager" [03/Mar/2014:13:25:08 +0000] conn=54137 op=1 SRCH base="c=es" scope=2 filter="(uid=*)" attrs="distinguishedName" [03/Mar/2014:13:25:08 +0000] conn=54137 op=1 RESULT err=53 tag=101 nentries=0 etime=0 notes=A [03/Mar/2014:13:25:08 +0000] conn=54137 op=2 UNBIND [03/Mar/2014:13:25:08 +0000] conn=54137 op=2 fd=219 closed - U1
...
The administrative user (Directory Manager) user must override unindexed search filters.
My server version: 389-Directory/1.2.11.25 B2013.325.1951
RPMs from EPEL: [root@server ~]# rpm -qa | grep -i 389 389-ds-1.2.2-1.el6.noarch 389-ds-console-doc-1.2.6-1.el6.noarch 389-ds-base-libs-1.2.11.25-1.el6.x86_64 389-admin-1.1.35-1.el6.x86_64 389-admin-console-doc-1.1.8-1.el6.noarch 389-admin-console-1.1.8-1.el6.noarch 389-dsgw-1.1.11-1.el6.x86_64 389-adminutil-1.1.19-1.el6.x86_64 389-ds-console-1.2.6-1.el6.noarch 389-console-1.1.7-1.el6.noarch 389-ds-base-1.2.11.25-1.el6.x86_64
Metadata Update from @rmazgon: - Issue set to the milestone: FUTURE
Metadata Update from @mreynolds: - Custom field reviewstatus adjusted to None - Issue close_status updated to: None - Issue set to the milestone: 1.4.4 (was: FUTURE)
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1060
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.