Hello,
I’m trying to analyse the requests made to my LDAP server from a NAS. While browsing the logs I found the following entries:
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 fd=38 ACCEPT from IP=10.220.18.3:47000 (IP=0.0.0.0:636)
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 fd=38 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.2 tls_cipher=ECDHE-RSA-AES256-GCM-SHA384
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 op=0 BIND dn="" method=128
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 op=0 RESULT tag=97 err=0 qtime=0.000014 etime=0.000110 text=
…..
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 filter="(&(objectClass=posixAccount)(gidNumber=*))
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH attr=gidNumber
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SEARCH RESULT tag=101 err=4 qtime=0.000007 etime=0.000224 nentries=1 text=
But if I do the same search:
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 fd=31 ACCEPT from IP=127.0.0.1:56536 (IP=0.0.0.0:636)
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 fd=31 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=0 BIND dn="" method=128
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=0 RESULT tag=97 err=0 qtime=0.000008 etime=0.000040 text=
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 filter="(&(objectClass=posixAccount)(gidNumber=*))"
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH attr=gidNumber
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000011 etime=0.054003 nentries=5206 text=
I have no specific ACL on the IP querying.
What I see is that in the first case I have err=4; from what I have found, it means size limit exceeded. Do you have an explanation for the first answer? Is there any param that can be in the request to cause the err=4? Maybe I should raise the logLevel to find the difference between the two requests?
Thanks in advance for any hint...
— Frédéric Goudal Ingénieur Système, DSI Bordeaux-INP +33 556 84 23 11
--On Wednesday, March 27, 2024 11:28 AM +0100 Frédéric Goudal frederic.goudal@bordeaux-inp.fr wrote:
> Hello,
> I'm trying to analyse the requests made to my LDAP server from a NAS. While browsing the logs I found the following entries:
> I have no specific ACL on the IP querying.
Do you have any "limits" directives in your configuration?
--Quanah
On 27 March 2024 at 15:35, Quanah Gibson-Mount quanah@fast-mail.org wrote:
> --On Wednesday, March 27, 2024 11:28 AM +0100 Frédéric Goudal frederic.goudal@bordeaux-inp.fr wrote:
>> Hello,
>> I'm trying to analyse the requests made to my LDAP server from a NAS. While browsing the logs I found the following entries:
>> I have no specific ACL on the IP querying.
> Do you have any "limits" directives in your configuration?
No.
But I think I have found the solution (as always, after asking on the list): if I add a size limit in the query (ldapsearch -z 1), I get exactly the same log lines when querying manually as with the NAS. So I guess that the NAS is trying to find out whether there is any gidNumber data in the ou branch: if it gets one entry and err=4, that means there is data.
Sorry for the too quick question.
f.g
> --Quanah
— Frédéric Goudal Ingénieur Système, DSI Bordeaux-INP +33 556 84 23 11
Quanah Gibson-Mount wrote:
> --On Wednesday, March 27, 2024 11:28 AM +0100 Frédéric Goudal frederic.goudal@bordeaux-inp.fr wrote:
>> Hello,
>> I'm trying to analyse the requests made to my LDAP server from a NAS. While browsing the logs I found the following entries:
>> I have no specific ACL on the IP querying.
> Do you have any "limits" directives in your configuration?
He should instead check for a sizelimit being set by the client.
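
The log lines quoted in this thread do not show the size limit a client requested, so the check has to be inferred from the result line. The following is an added example, not part of the thread and not OpenLDAP code: it correlates ACCEPT, SRCH and SEARCH RESULT lines by conn/op and lists searches that ended with err=4. The function name, the `server_sizelimit` parameter and its value are assumptions; the sample is abridged from the lines quoted above.

```python
import re

# Constructed sample: abridged from the slapd lines quoted in the thread.
SAMPLE_LOG = """\
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 fd=38 ACCEPT from IP=10.220.18.3:47000 (IP=0.0.0.0:636)
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 filter="(&(objectClass=posixAccount)(gidNumber=*))
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SEARCH RESULT tag=101 err=4 qtime=0.000007 etime=0.000224 nentries=1 text=
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 fd=31 ACCEPT from IP=127.0.0.1:56536 (IP=0.0.0.0:636)
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 filter="(&(objectClass=posixAccount)(gidNumber=*))"
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000011 etime=0.054003 nentries=5206 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
# The closing quote after filter= is optional: one quoted line lacks it.
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" .*?filter="(.*?)"?$')
RESULT = re.compile(r"conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) .*nentries=(\d+)")


def size_limited_searches(log_text, server_sizelimit):
    """List searches that ended with err=4 (sizeLimitExceeded).

    server_sizelimit is the limit the operator believes the server applies
    (an assumption supplied by the caller). When fewer entries than that were
    returned before err=4, a stricter limit applied, for example one set by
    the client, as with `ldapsearch -z 1` in the thread.
    """
    peers, searches, hits = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            peers[m[1]] = m[2]                      # conn id -> peer address
        elif m := SRCH.search(line):
            searches[(m[1], m[2])] = (m[3], m[4])   # (conn, op) -> base, filter
        elif m := RESULT.search(line):
            base, flt = searches.pop((m[1], m[2]), ("?", "?"))
            if m[3] == "4":
                n = int(m[4])  # entries returned before the limit was hit
                hits.append({"peer": peers.get(m[1], "?"), "conn": int(m[1]),
                             "op": int(m[2]), "base": base, "filter": flt,
                             "nentries": n,
                             "stricter_than_server": n < server_sizelimit})
    return hits


if __name__ == "__main__":
    for hit in size_limited_searches(SAMPLE_LOG, server_sizelimit=10000):
        print(hit)
```
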