First I apologize for posting a non-technical question / follow up to this list, however I can speak for the high value add that having official support for OpenLDAP that the Symas team offers. Like most folks on this list, we have a great deal of in house expertise on many software stacks including directory services in general. With that said, the Symas team members are great to work with, literally write the software that we are asking questions about and as a result have many years of experience and expertise that is easy to reach for. IMO the support that the Symas org puts forward is a model that vendors should be striving for.
Best, Aaron
-----Original Message----- From: Quanah Gibson-Mount quanah@symas.com Sent: Wednesday, September 2, 2020 2:45 PM To: Howard Chu hyc@symas.com; chrichardso27@gmail.com; openldap-technical@openldap.org Subject: Re: Index seems to return wrong amount of candidate causing really poor search performance
Warning: This email is from outside the company. Be careful clicking links or attachments.
--On Wednesday, September 2, 2020 8:37 PM +0100 Howard Chu hyc@symas.com wrote:
The depth is the same, the values are different from the actual that we use. I cannot share the actual values without disclosing internal details.
There's not a lot we can do without being able to reproduce the issue and see what's going on.
You could try starting with a mostly empty DB, adding just the offending value, looking at the filter debug output for a lookup on that, and see if it looks sensible first.
is the attribute abc=foo actually unique, or are there multiple occurrences of it in the DB?
I would optionally note that Symas does provide support contracts for OpenLDAP and has NDAs if this is a mission critical problem for your company. As Howard notes, without a reproduction case, it's virtually impossible for us to help here.
One option may be to see if you can reproduce the same problem after renaming the attribute to something you can disclose, combined with values that are the same exact length but are simillarly obfuscated to see if you can reproduce the issue that way. If so, you should be able to share those details.
Looking at the open bugs, I wonder if it is <https://urldefense.com/v3/__https://bugs.openldap.org/show_bug.cgi?id=7743__... >
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <https://urldefense.com/v3/__http://www.symas.com__;!!PIfy-9xbww!UGx4_veAjIOc... >
---------------------------------------------------------------------- The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you.