masarati(a)aero.polimi.it wrote:
>> hyc(a)symas.com wrote:
>> > The filter behavior you're describing was noted in ITS#5756, fixed in
>> January.
>>
>> If it was fixed in January, why does openldap-2.4.16 (20090411) still
>> exhibit the described behaviour?
>
> Did you actually try to swap the order of the filters, and did it work?
> Since Howard fixed ITS#5756, you might be experiencing something
> different.
>
> Also, can you check whether you're actually using 2.4.16? According to
> the changelog, the fix to ITS#5756 was released with 2.4.14.
>
> p.
>
I am using 2.4.16. The problem is, that caching seems to work for some
entries but not for others. It is not related to the order of the filter
rules. Here is what happens: (lines starting with *** are my comments)
**** slapd is started showing version, query templates and attributes
bash-2.05# ./slapd -d 4096
@(#) $OpenLDAP: slapd 2.4.16 (Jun 30 2009 16:56:26) $
jim@flits:/net/build.sparc/management/openldap/openldap-2.4.16/servers/slapd
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 78: rootdn
is always granted unlimited privileges.
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 85: rootdn
is always granted unlimited privileges.
Total # of attribute sets to be cached = 10.
Template:
query template: (&(objectClass=)(uid=))
attributes:
uid
cn
Template:
query template: (&(uid=)(objectClass=))
attributes:
uid
cn
slapd starting
*** Now I enter a search in another window
bash-2.05$ /usr/local/bin/ldapsearch -x -h localhost
'(&(objectClass=sambaSamAccount)(uid=wvk))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=wvk))
# requesting: uid cn
#
# wvk, People, few.vu.nl
dn: uid=wvk,ou=People,dc=few,dc=vu,dc=nl
uid: wvk
cn: wvk
*** requested attributes are returned as expected
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
*** Output of slapd for this search *****
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=wvk))
Lock QC index = 31e698
Not answerable: Unlock QC index=31e698
QUERY NOT ANSWERABLE
QUERY CACHEABLE
Added query expires at 1249416628 (POSITIVE)
Lock AQ index = 31e698
TEMPLATE 31e698 QUERIES++ 1
Unlock AQ index = 31e698
Base of added query = dc=few,dc=vu,dc=nl
UUID for query being added = 68ab725c-157a-102e-87a7-cd469e2cf913
ENTRY ADDED/MERGED, CACHED ENTRIES=0
STORED QUERIES = 1
*** same search is repeated
bash-2.05$ /usr/local/bin/ldapsearch -x -h localhost
'(&(objectClass=sambaSamAccount)(uid=wvk))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=wvk))
# requesting: uid cn
#
*** Note that nothing is returned
# search result
search: 2
result: 0 Success
# numResponses: 1
*** Output of slapd for the second search ****
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=wvk))
Lock QC index = 31e698
QUERY ANSWERABLE
*** For another uid it works perfectly.
/usr/local/bin/ldapsearch -x -h localhost
'(&(objectClass=sambaSamAccount)(uid=jim))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=jim))
# requesting: uid cn
#
# jim, People, few.vu.nl
dn: uid=jim,ou=People,dc=few,dc=vu,dc=nl
uid: jim
cn: W. van Keulen
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
bash-2.05$ /usr/local/bin/ldapsearch -x -h localhost
'(&(objectClass=sambaSamAccount)(uid=jim))' uid cn
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (&(objectClass=sambaSamAccount)(uid=jim))
# requesting: uid cn
#
# jim, People, few.vu.nl
dn: uid=jim,ou=People,dc=few,dc=vu,dc=nl
uid: jim
cn: W. van Keulen
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
bash-2.05
*** Output of slapd for second case
$bash-2.05# ./slapd -d 4096
@(#) $OpenLDAP: slapd 2.4.16 (Jun 30 2009 16:56:26) $
jim@flits:/net/build.sparc/management/openldap/openldap-2.4.16/servers/slapd
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 78: rootdn
is always granted unlimited privileges.
/opt/openldap/openldap-2.4.16/etc/openldap/slapd.conf: line 85: rootdn
is always granted unlimited privileges.
Total # of attribute sets to be cached = 10.
Template:
query template: (&(objectClass=)(uid=))
attributes:
uid
cn
Template:
query template: (&(uid=)(objectClass=))
attributes:
uid
cn
slapd starting
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=jim))
Lock QC index = 31e698
Not answerable: Unlock QC index=31e698
QUERY NOT ANSWERABLE
QUERY CACHEABLE
Added query expires at 1249417816 (POSITIVE)
Lock AQ index = 31e698
TEMPLATE 31e698 QUERIES++ 1
Unlock AQ index = 31e698
Base of added query = dc=few,dc=vu,dc=nl
UUID for query being added = 2c8d245c-157d-102e-87c5-e7c795cd8bf5
ENTRY ADDED/MERGED, CACHED ENTRIES=0
STORED QUERIES = 1
query template of incoming query = (&(objectClass=)(uid=))
Entering QC, querystr = (&(objectClass=sambaSamAccount)(uid=jim))
Lock QC index = 31e698
QUERY ANSWERABLE
There is no difference if I reverse the filter. It works for
some uid's, but not for others.
Regards,
Jim