openldap-bugs

openldap-bugs@openldap.org

1 participants
21003 discussions

RE: (ITS#7698) Multiple Paged search requests on one connection fail
by john.unsworth＠cp.net 17 Sep '13

17 Sep '13

Products other than browsers use LDAP servers. Our product is a meta directory that watches for changes on multiple data sources (LDAP, Databases, SAP, ...) and reconciles any changes across the complete set of sources according to data filtering and transformation rules. However sometimes it is necessary to read the whole data set - for example when a new data server is added, or when changes may have been missed for any reason, or when an 'audit' type operation is required to ensure that all data sources are consistent. LDAP servers we connect to typically contain thousands if not millions of entries. Reading the lot without paging - although we can do it - is very inefficient both in terms of LDAP resources and application resources. The directory is read using multiple parallel paged searches across different branches on a single connection. Every directory we have used except OpenLDAP can manage this effectively. In the case of OpenLDAP there is no LDAP changelog and so the only way we have of discovering changes is to read the whole directory and compare with what was read last time. -----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: 17 September 2013 20:20 To: john.unsworth(a)cp.net; openldap-its(a)openldap.org Subject: Re: (ITS#7698) Multiple Paged search requests on one connection fail john.unsworth(a)cp.net wrote: > I would also be interested to understand why " paged results is inherently > flawed". Although being the author of an interactive LDAP UI client I still wonder why people want paged results (or tree browsing). If you have so many results you should narrow the search criteria. Browsing/paging is pretty inefficient working style. Ciao, Michael.

1 0

Re: (ITS#7698) Multiple Paged search requests on one connection fail
by michael＠stroeder.com 17 Sep '13

17 Sep '13

This is a cryptographically signed message in MIME format. --------------ms010600090306020303050000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable john.unsworth(a)cp.net wrote: > I would also be interested to understand why " paged results is inheren= tly > flawed". Although being the author of an interactive LDAP UI client I still wonder= why people want paged results (or tree browsing). If you have so many results you should narrow the search criteria. Browsing/paging is pretty inefficient working style. Ciao, Michael. --------------ms010600090306020303050000 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIFfzCC BXswggNjoAMCAQICAwxOfTANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4w HAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmlu ZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xMjEw MDIyMDE3MDlaFw0xNDEwMDIyMDE3MDlaMD8xGDAWBgNVBAMUD01pY2hhZWwgU3Ry9mRlcjEj MCEGCSqGSIb3DQEJARYUbWljaGFlbEBzdHJvZWRlci5jb20wggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDo2SKth5GhtaDrCyfGtyUG+/hAAa/J52L0NFN4SSRvTtdGf9HfWwwd NCtgae0TVGWk2lKDbXA9d5vmyIiRhuwxd90H6FLErhRBeB9G67qtw87E8WUoXt2DwPQEUTWV hqHpPadlmgFw3+i3TGQQTe3O3W9MMMd4GJNhObem2VGRuCD37OXnzBksTcq0FPJgcWAhe3d/ 0ItOkNWBqgq8Mf3p7WFBhaQ0a27BC/mKtH8fI3kPcS305imPRja69Msq3EwUZBc9ToVp6FRQ NYKjfOBybDUzVkmRZl3H8xutQP2w8Zxb8m5f7Q1BfLLrIFScfYvIDgOERxTCd4lab8+/09XH AgMBAAGjggFEMIIBQDAMBgNVHRMBAf8EAjAAMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91 ciBvd24gY2VydGlmaWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuQ0Fj ZXJ0Lm9yZzAOBgNVHQ8BAf8EBAMCA6gwQAYDVR0lBDkwNwYIKwYBBQUHAwQGCCsGAQUFBwMC BgorBgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAkMCIG CCsGAQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMDEGA1UdHwQqMCgwJqAkoCKGIGh0 dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3JsMB8GA1UdEQQYMBaBFG1pY2hhZWxAc3Ry b2VkZXIuY29tMA0GCSqGSIb3DQEBBQUAA4ICAQC9ouXq3p/bDWMM4tBKgD3tl4HY5H0eECl8 q9/nqk0UL6YeWkrCiQdrDtNPW7DcGqNYtzdgtzmyTr1GhiAX+igrOjdk/ge5NRcQOpONK/4b zrmpQEcIUyxSSDKLWh211/kcFfxxLEiJ5teF4GL8Fc1qbrLP4+DCvJXWfYaaR5NLjZMqm2VP yKTv3qpXWnGohiRkGTwS/11QM2XCfIGdRsQT9a8mO4m2fn2tGPp2TEIoCLrDDrbGVeDWaOWB OIeTrp4wa3Q4OI6yCptJhEqKvjhV96IBRYgM76nTBqsqnDzwxExAyhhWiUS5DunRHOr/+NyF pUpD4883RBLO0g9kUEGOhtZNF1u+8zEL0YgMGvifAom9JEklLOXZuqj0MThypKs/3d/OyOQb 4gURnu6oZwcKZ7LskytWnlRKUxF6o0A8grtmyKkqe14TS7cQbg0NTaIYXPkHR+dfFmb3uEqn BBjvpJXFcEtWI2lQXC/ET+au991pK797ExBOmpQwjIn3SjiW80vw/UoL6DMvqY/6JhVhyNTP MJ2W5AX5kc27DIbVtVGZs8J4AYhuNALJUq9N9Ka7rPRj3RcYDrfehDLOkM5iMnarpmtuOpLK d1SvZhqj/0N/JWGIDpPSTkTFOPP6ZN9I9Rqyf+9NGqb2sjo4DkIiZcHxt735/GJLwus5KLBl 2DGCA6EwggOdAgEBMIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93 d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8G CSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMMTn0wCQYFKw4DAhoFAKCCAfUwGAYJ KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwOTE3MTkyMDAwWjAj BgkqhkiG9w0BCQQxFgQUpv3q6AMfQ1O8+1srFtSPkVL3xygwbAYJKoZIhvcNAQkPMV8wXTAL BglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN BggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBkQYJKwYBBAGCNxAEMYGD MIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9y ZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS c3VwcG9ydEBjYWNlcnQub3JnAgMMTn0wgZMGCyqGSIb3DQEJEAILMYGDoIGAMHkxEDAOBgNV BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl cnQub3JnAgMMTn0wDQYJKoZIhvcNAQEBBQAEggEAGjYerDwPbwx9TRVxTwWTs+XC+rIW5OBo aslumvg3olNfz8t+Tw+Mjg23Gr9JCoAeJNW3F/YyUnvBD2hiWqDFfG/GJrRoEcpoXTMjNe+k OBjGqU84SK/a8OwFQWgY2FN5pB88Zz56HBqSur7QmXhVu4ijKwGQGlVZxJFJ5JFeoNcKEJfo ln/4LsMgQ8g/ouvokX3tRsbb8u8dT4EaEwN1nyMaLK5el/DhGuVwuwh0tqS6BV82NPG1NRAb YdIs5DQAqrqXJBrFhvABVSwZQ73rzipMZrFXz42uuaG/5ronuSPMFIPAGOxuF4/zUsN5qcq8 AQ7mVAQ37eOdfyhv8jKVFwAAAAAAAA== --------------ms010600090306020303050000--

1 0

RE: (ITS#7698) Multiple Paged search requests on one connection fail
by john.unsworth＠cp.net 17 Sep '13

17 Sep '13

I would also be interested to understand why " paged results is inherently flawed". -----Original Message----- From: John Unsworth [mailto:john.unsworth@cp.net] Sent: 17 September 2013 12:07 To: 'Pierangelo Masarati' Cc: 'openldap-its(a)openldap.org' Subject: RE: (ITS#7698) Multiple Paged search requests on one connection fail Thank you for your reply. >> Technically speaking, paged results consists of perfectly >> independent operations from the protocol point of view Yes but the results have not all been retrieved - only the first page full - and further operations are needed to get the additional results. Hence paged searches are not really independent but are linked by the cookie. The results are supposed to remain available so that additional searches using the same cookie can retrieve them. Every other LDAP server I have come across allows multiple concurrent paged searches on a single connection. The RFC does seem to allow the OpenLDAP behaviour but it seems extremely restrictive to me. It should at least be well documented. -----Original Message----- From: Pierangelo Masarati [mailto:pierangelo.masarati@polimi.it] <snip> No, it's correct (at least, that's the intended behavior). The operation structure is only persistent for the duration of the operation, whereas the connection structure persists for the duration of the connection. Technically speaking, paged results consists of perfectly independent operations from the protocol point of view, so persistent state is saved in the connection structure. Of course, multiple cookies could be stored, but since paged results is inherently flawed, it was decided to handle it this way. Clients need to use a dedicated connection for search operations that use the paged results control. p. -- Pierangelo Masarati Associate Professor Dipartimento di Scienze e Tecnologie Aerospaziali Politecnico di Milano

1 0

RE: (ITS#7698) Multiple Paged search requests on one connection fail
by john.unsworth＠cp.net 17 Sep '13

17 Sep '13

Thank you for your reply. >> Technically speaking, paged results consists of perfectly independent operations from the protocol point of view Yes but the results have not all been retrieved - only the first page full - and further operations are needed to get the additional results. Hence paged searches are not really independent but are linked by the cookie. The results are supposed to remain available so that additional searches using the same cookie can retrieve them. Every other LDAP server I have come across allows multiple concurrent paged searches on a single connection. The RFC does seem to allow the OpenLDAP behaviour but it seems extremely restrictive to me. It should at least be well documented. -----Original Message----- From: Pierangelo Masarati [mailto:pierangelo.masarati@polimi.it] Sent: 17 September 2013 11:54 To: john.unsworth(a)cp.net Cc: openldap-its(a)openldap.org Subject: Re: (ITS#7698) Multiple Paged search requests on one connection fail On 09/17/2013 12:36 PM, john.unsworth(a)cp.net wrote: > Full_Name: John Unsworth > Version: 2.4.34 > OS: Windows 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (81.139.153.176) > > > If I issue multiple paged requests on a single connection then when > requesting the second page for the first request I receive 'paged > results cookie is invalid'. I suspect from looking at the code that > only a single paged request is allowed to be active at once on a connection. Can someone confirm please. Confirmed. > > parse_paged_cookie( Operation *op, SlapReply *rs ) > > if ( ps->ps_cookieval.bv_len ) { > ... > } else { > /* we're going to use ps_cookie */ > op->o_conn->c_pagedresults_state.ps_cookie = 0; > > It seems to me that the cookie is held against the connection (o_conn) > and not the operation. Surely this is wrong? No, it's correct (at least, that's the intended behavior). The operation structure is only persistent for the duration of the operation, whereas the connection structure persists for the duration of the connection. Technically speaking, paged results consists of perfectly independent operations from the protocol point of view, so persistent state is saved in the connection structure. Of course, multiple cookies could be stored, but since paged results is inherently flawed, it was decided to handle it this way. Clients need to use a dedicated connection for search operations that use the paged results control. p. -- Pierangelo Masarati Associate Professor Dipartimento di Scienze e Tecnologie Aerospaziali Politecnico di Milano

1 0

Re: (ITS#7698) Multiple Paged search requests on one connection fail
by pierangelo.masarati＠polimi.it 17 Sep '13

17 Sep '13

On 09/17/2013 12:36 PM, john.unsworth(a)cp.net wrote: > Full_Name: John Unsworth > Version: 2.4.34 > OS: Windows 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (81.139.153.176) > > > If I issue multiple paged requests on a single connection then when requesting > the second page for the first request I receive 'paged results cookie is > invalid'. I suspect from looking at the code that only a single paged request is > allowed to be active at once on a connection. Can someone confirm please. Confirmed. > > parse_paged_cookie( Operation *op, SlapReply *rs ) > > if ( ps->ps_cookieval.bv_len ) { > ... > } else { > /* we're going to use ps_cookie */ > op->o_conn->c_pagedresults_state.ps_cookie = 0; > > It seems to me that the cookie is held against the connection (o_conn) and not > the operation. Surely this is wrong? No, it's correct (at least, that's the intended behavior). The operation structure is only persistent for the duration of the operation, whereas the connection structure persists for the duration of the connection. Technically speaking, paged results consists of perfectly independent operations from the protocol point of view, so persistent state is saved in the connection structure. Of course, multiple cookies could be stored, but since paged results is inherently flawed, it was decided to handle it this way. Clients need to use a dedicated connection for search operations that use the paged results control. p. -- Pierangelo Masarati Associate Professor Dipartimento di Scienze e Tecnologie Aerospaziali Politecnico di Milano

1 0

RE: (ITS#7698) Multiple Paged search requests on one connection fail
by john.unsworth＠cp.net 17 Sep '13

17 Sep '13

I forgot to mention that the operations are all active at the same time: Issue paged op 1 Receive results for op 1 Issue paged op 2 Issue paged op 3 Request 2nd page for op 1 >From our trace: 16:45:00.678: [664.6392] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <56> SEARCH one 'ou=People,dc=maxcrc,dc=com' filter='(objectClass=*)' MsgID=5a 16:45:00.678: [664.6392] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <56> attribute[0]=1.1 16:45:00.678: [664.6392] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <56> SendingControl[0]=SimplePaged, Length=7, IsCritical=true 16:45:00.678: [664.6392] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <56> SimplePaged: 30 05 02 01 02 04 00 16:45:00.693: [664.6684] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <56> ReceivedControl[0]=SimplePaged, Length=11 16:45:00.693: [664.6684] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <56> SimplePaged: 30 09 02 01 00 04 04 04 00 00 00 16:45:00.693: [664.6684] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <56> SEARCH Result OK received=0 total=2 (complete) 16:45:00.700: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <59> SEARCH one 'cn=c1,ou=People,dc=maxcrc,dc=com' filter='(objectClass=*)' MsgID=5d 16:45:00.700: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <59> attribute[0]=1.1 16:45:00.700: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <59> SendingControl[0]=SimplePaged, Length=7, IsCritical=true 16:45:00.700: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <59> SimplePaged: 30 05 02 01 02 04 00 16:45:00.719: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5b> SEARCH one 'cn=c2,ou=People,dc=maxcrc,dc=com' filter='(objectClass=*)' MsgID=60 16:45:00.719: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5b> attribute[0]=1.1 16:45:00.719: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5b> SendingControl[0]=SimplePaged, Length=7, IsCritical=true 16:45:00.719: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5b> SimplePaged: 30 05 02 01 02 04 00 16:45:00.721: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5c> SEARCH one 'ou=People,dc=maxcrc,dc=com' filter='(objectClass=*)' MsgID=61 16:45:00.721: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5c> attribute[0]=1.1 16:45:00.721: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5c> SendingControl[0]=SimplePaged, Length=11, IsCritical=true 16:45:00.721: [664.6780] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5c> SimplePaged: 30 09 02 01 02 04 04 04 00 00 00 16:45:00.737: [664.6684] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5c> SEARCH Result ERROR='DA_E_PROTOCOL_ERROR' received=0 total=0 (complete) 16:45:00.737: [664.6684] DataAccess: 'LDAP://junsworth-lt4.eu.cp.net:33389' <5c> SEARCH Result Server_Info='paged results cookie is invalid'

1 0

(ITS#7698) Multiple Paged search requests on one connection fail
by john.unsworth＠cp.net 17 Sep '13

17 Sep '13

Full_Name: John Unsworth Version: 2.4.34 OS: Windows 7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (81.139.153.176) If I issue multiple paged requests on a single connection then when requesting the second page for the first request I receive 'paged results cookie is invalid'. I suspect from looking at the code that only a single paged request is allowed to be active at once on a connection. Can someone confirm please. parse_paged_cookie( Operation *op, SlapReply *rs ) if ( ps->ps_cookieval.bv_len ) { ... } else { /* we're going to use ps_cookie */ op->o_conn->c_pagedresults_state.ps_cookie = 0; It seems to me that the cookie is held against the connection (o_conn) and not the operation. Surely this is wrong?

1 0

Re: (ITS#7697) RFE: contrib/slapo-lastbind as an official overlay
by michael＠stroeder.com 17 Sep '13

17 Sep '13

marco.pizzoli(a)gmail.com wrote: > Full_Name: Marco Pizzoli > Version: All > OS: N/A > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.11.209.11) > > > I would like to use contrib/slapo-lastbind as I currently do with all official > overlays: > > - main configure option > - cn=config integration > > So my request is to official adopt it. > > Few years ago I asked for another enhancement of this module with ITS#6871. +1, also for ITS#6871. Ciao, Michael.

1 0

(ITS#7697) RFE: contrib/slapo-lastbind as an official overlay
by marco.pizzoli＠gmail.com 17 Sep '13

17 Sep '13

Full_Name: Marco Pizzoli Version: All OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.11.209.11) I would like to use contrib/slapo-lastbind as I currently do with all official overlays: - main configure option - cn=config integration So my request is to official adopt it. Few years ago I asked for another enhancement of this module with ITS#6871. Any hope? Thanks in advance Marco Pizzoli

1 0

Re: (ITS#7693) ProxyCache Problems
by teichler＠message-mobile.de 16 Sep '13

16 Sep '13

Hi Quana, Now i understood what you mean. ;) I'll try it. Thank you Mike -- _____________________________________________________ Message Mobile GmbH Stresemannstr. 6, D-21335 Lüneburg teichler(a)message-mobile.de tel.: +49 (0)4131 24444-234, fax: +49 (0)4131 24444-2349 www.message-mobile.de GF: Dr. Martin Hecker, AG Lüneburg, HRB: 2414 _____________________________________________________

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs