Sadly, that was my opinion too. But there are some applications without any way to finetune ldap client parameters, so I asked if there is a secret option... :)
Thanks for your help,
Lajos
I don't think slapd-meta(5) can handle cross-target paged results. It would require some non-trivial bookkeeping of the control's cookie whichLajos Boróczki wrote:
Hi,
I'm trying to set up an openldap proxy server using slapd-meta. Everything
worked so far, but after the backend database grew bigger and bigger,
searches with a fixed page size started to give strange results.
Tracing the problem led me to the following: If I set a page size of 300 in
my ldapsearch (where localhost:3890 is my slapd running slapd-meta):
ldapsearch -x -W -D "CN=admin,DC=example,DC=org" -E pr=300 -H
"ldap://localhost:3890/" -b "dc=a,dc=example,dc=org"
"(objectClass=inetOrgPerson)" uid
I get at most 300 results and the paging information is lost on the way. If
I set 300 to 1000 I get all of the results, because I have ~500 entries.
Doing an ldapsearch to the backand servers:
ldapsearch -x -W -D "CN=admin,DC=example,DC=org" -E pr=300 -H "ldap://
dc1.a.example.org/" "dc=a,dc=example,dc=org" "(objectClass=user)"
userPrincipalName
I get 300 results and a prompt to press enter, after pressing some enters I
can get every entries.
My backends are Active directories... :(
Thanks for your help,
Lajos
Config:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/ad_attr.schema
include /etc/ldap/schema/ad_class.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 8
modulepath /usr/lib/ldap
moduleload back_meta
moduleload back_ldap
moduleload rwm
moduleload pcache
moduleload back_bdb
sizelimit 1000
tool-threads 1
database meta
suffix "dc=example,dc=org"
norefs yes
rebind-as-user yes
chase-referrals no
uri "ldap://dc1.example.org/dc=example,dc=org" "ldap://
dc2.example.org/"
uri "ldap://dc1.a.example.org/dc=a,dc=example,dc=org" "ldap://
dc2.a.example.org/"
uri "ldap://dc1.b.example.org/dc=b,dc=example,dc=org" "ldap://
dc2.b.example.org/"
overlay rwm
rwm-rewriteEngine on
rwm-map attribute uid userPrincipalName
rwm-map objectclass inetOrgPerson user
<personal opinion>
I wouldn't consider worth the effort for such a useless control.
</personal opinion>
p.