--On Tuesday, August 02, 2011 02:16:27 PM -0700 Howard Chu hyc@symas.com wrote:
whm@stanford.edu wrote:
--On Tuesday, August 02, 2011 11:03:24 AM -0700 Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Tuesday, August 02, 2011 5:54 PM +0000 whm@stanford.edu wrote:
Your log shows that the subsequent search request initiates a new Bind to the remote server, which implies that it's not re-using the same connection as the first request. Since a paged results cookie is only valid within the context of a single connection, you get this error result.
Not sure which log you are looking at. When I look at the log:
http://www.stanford.edu/~whm/files/ldap-debugging/slapd-trace-paged-results.log.gz
The only connection I see in the log is conn=1000 and it ends with:
conn=1000 op=5 SEARCH RESULT tag=101 err=2 nentries=0 text=paged results cookie is invalid
ldap_read: want=8, got=7
0000: 30 05 02 01 07 42 00 0....B.
ldap_read: want=8, got=0
conn=1000 op=6 UNBIND
conn=1000 fd=11 closed
These tests were made with a single ldapsearch request. The ldapsearch tests fail when using the proxy and succeed when connecting directly to the LDAP server with the database on it.
A side note: the test case I submitted used ldapsearch, but the problem was uncovered using a python application that is used for syncing Gmail account data.
Bill
I have copied the backend server configuration to http://www.stanford.edu/~whm/files/ldap-debugging/. I dumped a copy of cn=config and there is a files-based version in the ldap subdirectory as well.
Where's the configuration for the slapd-ldap server? That's of the most importance...
--Quanah
Of course, sorry about that. I have copied the files to the web site.
Sounds like this may be related to ITS#6817. Please try adding a dummy binddn to your idassert-bind directive and re-test.
I modified the configuration to include:
idassert-bind bindmethod=SASL saslmech=GSSAPI mode=none binddn=cn=auth
I am still getting the invalid-cookie error.
% ldapsearch -E pr=1000/noprompt -x -b "cn=people,dc=stanford,dc=edu" -h localhost "(&(objectclass=suPerson)(suVisibIdentity=world))" ou telephonenumber title
...lots of entries...
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MA0CAQAECGIdAAAAAAAA
pagedresults: cookie=Yh0AAAAAAAA=
# extended LDIF
#
# LDAPv3
# base <cn=people,dc=stanford,dc=edu> with scope subtree
# filter: (&(objectclass=suPerson)(suVisibIdentity=world))
# requesting: ou telephonenumber title
# with pagedResults control: size=1000
#
# search result
search: 3
result: 2 Protocol error
text: paged results cookie is invalid
# numResponses: 1002
# numEntries: 1000
Bill
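
The two readings of the log discussed in this thread (a cookie rejected on the connection that served the earlier page, versus a cookie arriving on a connection that never served one) can be told apart from the slapd log itself. The Python below is an added example, not code from the thread's participants or from OpenLDAP; the log lines are constructed in the format of the SEARCH RESULT line quoted above, and classify_cookie_failures is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in slapd stats-log style (not taken from the thread's log).
# conn=1000: a cookie is rejected after an earlier page succeeded on that connection.
# conn=2001: a cookie is rejected on a connection that never served an earlier page.
SAMPLE_LOG = """\
conn=1000 op=0 BIND dn="" method=128
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 SRCH base="cn=people,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=person)"
conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1000 text=
conn=1000 op=2 SRCH base="cn=people,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=person)"
conn=1000 op=2 SEARCH RESULT tag=101 err=2 nentries=0 text=paged results cookie is invalid
conn=1000 op=3 UNBIND
conn=2001 op=0 BIND dn="" method=128
conn=2001 op=0 RESULT tag=97 err=0 text=
conn=2001 op=1 SRCH base="cn=people,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=person)"
conn=2001 op=1 SEARCH RESULT tag=101 err=2 nentries=0 text=paged results cookie is invalid
"""

RESULT_RE = re.compile(
    r"conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+) text=(.*)"
)
COOKIE_ERR = "paged results cookie is invalid"

def classify_cookie_failures(log_text):
    """Return one finding per rejected paged-results cookie.

    same_connection is True when an earlier search on that conn returned err=0,
    i.e. the rejected cookie could have been issued on this very connection.
    The stats log does not show the control itself, so a prior successful
    search is only evidence of an earlier page, not proof.
    """
    ok_ops = defaultdict(list)  # conn -> ops whose SEARCH RESULT had err=0
    findings = []
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue
        conn, op, err = int(m.group(1)), int(m.group(2)), int(m.group(3))
        if err == 0:
            ok_ops[conn].append(op)
        elif err == 2 and COOKIE_ERR in m.group(5):
            findings.append({"conn": conn, "op": op,
                             "prior_ok_ops": list(ok_ops[conn]),
                             "same_connection": bool(ok_ops[conn])})
    return findings

if __name__ == "__main__":
    for f in classify_cookie_failures(SAMPLE_LOG):
        print(f)
```

Running it against both the proxy's log and the backend server's log shows on which side the connection that issued the cookie differs from the one that received it back.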