Full_Name: Jan Engelhardt Version: 2.4.44, 2.4.45 OS: Linux 4.11, openSUSE Tumbleweed 20170626 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (77.178.174.83)
I observed that the dynlist overlay fails to generate its attributes for certain DNs. Ultimately it appears to relate to the chosen page size with which the database is queried; the smaller, the more often it occurs.
Reproduce as follows:
1. Set up dynlist in slapd.conf for the database:
include rfc2307bis.schema include dyngroup.schema
database hdb suffix o=da index objectClass eq rootdn cn=root,o=da overlay dynlist dynlist-attrset posixAccount labeledURI memberOf
2. Construct some entries, such as:
dn: cn=users,o=da member: uid=foo,o=da cn: users objectClass: groupOfNames objectClass: top objectClass: posixGroup gidNumber: 1555 description: users memberUid: foo
dn: uid=foo,o=da objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount cn: foo displayName: Foo givenName: foo sn: foo uid: foo mail: foo@dagent.lh gidNumber: 1555 homeDirectory: /home/foo uidNumber: 25122 labeledURI: ldap:///o=da??sub?(&(objectClass=posixGroup)(memberUid=foo))
3. Query database with a sufficiently small page size:
## ldapsearch -xb o=da -E pr=1 dn: o=da [ a little trimmed for brevity] control: 1.2.840.113556.1.4.319 false MA0CAQAECAEAAAAAAAAA pagedresults: cookie=AQAAAAAAAAA= dn: cn=root,o=da [ ] pagedresults: cookie=AgAAAAAAAAA= Press [size] Enter for the next {1|size} entries. dn: cn=users,o=da [ ] pagedresults: cookie=CAAAAAAAAAA= Press [size] Enter for the next {1|size} entries. dn: uid=foo,o=da objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount cn: foo displayName: Foo Beyond givenName: foo sn: foo uid: foo mail: foo@dagent.lh gidNumber: 1555 homeDirectory: /home/foo uidNumber: 25122 labeledURI: ldap:///o=da??sub?(&(objectClass=posixGroup)(memberUid=foo))
# search result search: 5 result: 0 Success control: 1.2.840.113556.1.4.319 false MAUCAQAEAA== pagedresults: cookie=
With larger pagesizes or completely omitting -E pr, memberOf does appear:
labeledURI: ldap:///o=da??sub?(&(objectClass=posixGroup)(memberUid=foo)) memberOf: cn=users,o=da