Learn more about these different git repos.
Other Git URLs
Description of problem: Disabling paging control on openldap server, doesn't allow sssd to enumerate any users against it since we cannot turn paging control off in sssd. Version-Release number of selected component (if applicable): sssd-1.5.1-43.el6 How reproducible: Always Steps to Reproduce: 1. Disable paging in openldap server: olcSizeLimit: size.prtotal=disabled in /etc/openldap/slapd.d/cn\=config.ldif 2. ldapsearch with paging control fails: ldapsearch -xv -h openldap.example.com -E pr=5 -b "dc=example,dc=com" gives: # search result search: 2 result: 11 Administrative limit exceeded text: pagedResults control not allowed 3. However, ldapsearch without paging control works: ldapsearch -xv -h openldap.example.com -b "dc=example,dc=com" ... ... # search result search: 2 result: 0 Success # numResponses: 40 # numEntries: 39 Actual results: Since there is no way to disable paging support in sssd, we are not able to enumerate any users. /var/log/sssd/sssd_openldap.log shows: (Thu Aug 4 07:09:26 2011) [sssd[be[openldap]]] [sdap_get_generic_done] (6): Search result: Administrative limit exceeded(11), pagedResults control not allowed (Thu Aug 4 07:09:26 2011) [sssd[be[openldap]]] [sdap_get_generic_done] (2): Unexpected result from ldap: Administrative limit exceeded(11), pagedResults control not allowed (Thu Aug 4 07:09:26 2011) [sssd[be[openldap]]] [sdap_get_users_process] (6): Search for users, returned 0 results Expected results: sssd must allow to turn off paging control. Additional info:
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.8.0
rhbz: 728212 => [https://bugzilla.redhat.com/show_bug.cgi?id=728212 728212]
Moving to 1.7.91. Fixing this requires adding a new config option (which means it needs to be done before string freeze).
The solution will be to add an option {{{ldap_disable_paging}}} to force SSSD not to use the paging control, even if the RootDSE reports being able to do so.
This will also function as a workaround to a FreeIPA/389DS bug where only one paging control can be active on a single connection at a time. In high-load situations, this was causing intermittent failures with the error: "Server is unwilling to perform(53), Simple Paged Results Search already in progress on this connection"
blockedby: => blocking: => milestone: SSSD 1.8.0 => SSSD 1.7.91 (1.8.0 beta 1) owner: somebody => sgallagh
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=782221
status: new => assigned
patch: 0 => 1
Fixed by 8270b1b
resolution: => fixed status: assigned => closed
Metadata Update from @sgallagh: - Issue assigned to sgallagh - Issue set to the milestone: SSSD 1.8 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2009
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.