Hi Dieter!
We tried
Sizelimit unlimited
In slapd.conf, but the effect is the same, slapd answers "size limit exceeded". The search request command is
/home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s children -E!sss="sncertnr:2.5.13.3" -E!vlv="0/9/0/1:objectclass=SN-ISIS-MTT-MainCert" "objectclass=*" sncertnr
Besides this effect we only have 10 records stored in the LDAP database ;-)
For the supported features see the following list:
openldap@ocsp-openldap24:~/openldap-snacc-2.3.6/c-lib> /home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b "" -s base +
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#
#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts:
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
entryDN:
subschemaSubentry: cn=Subschema
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
The OID 1.3.6.1.4.1.4203.666.8.1 is missing here but this OID is marked as kind of experimental. Why do I need this feature and how can I enable this?
Regards, Hartmut
Am Tue, 25 May 2010 16:16:52 +0200 hi Hartmut,
schrieb "Lehnert, Hartmut" Hartmut.Lehnert@secunet.com:
Hi Dieter! We tried Sizelimit unlimited
Limits have to be defined on both sides server side and client side.
In slapd.conf, but the effect is the same, slapd answers "size limit exceeded". The search request command is
/home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s children -E!sss="sncertnr:2.5.13.3" -E!vlv="0/9/0/1:objectclass=SN-ISIS-MTT-MainCert" "objectclass=*" sncertnr
Is the ordering matching rule caseIgnoreOrderingMatch (oid 2.5.13.3) correct for sncertnr attribute type? Why are you adding objectclass0* to your search string?
Besides this effect we only have 10 records stored in the LDAP database ;-)
OK, then something weird is happening, could you run slapd in debugging mode?
For the supported features see the following list:
openldap@ocsp-openldap24:~/openldap-snacc-2.3.6/c-lib> /home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b "" -s base +
[...]
The OID 1.3.6.1.4.1.4203.666.8.1 is missing here but this OID is marked as kind of experimental. Why do I need this feature and how can I enable this?
Your search scope is defined as '-s children', the oid of this feature is the above mentioned oid. Your compiled slapd version does not understand -s children, thus applying default setting of -s sub, you probably should apply -s one.
-Dieter
Hi Dieter!
I use the search command
/home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s sub -E!sss="sncertnr" -E!vlv="0/9/0/1:objectclass=SN-ISIS-MTT-MainCert" sncertnr
On client side this looks like as follows:
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/0/1 #
# R\C3\BCger OttoSER:9000, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwMCxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9000
# R\C3\BCger OttoSER:9001, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwMSxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9001
# R\C3\BCger OttoSER:9002, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwMixvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9002
# R\C3\BCger OttoSER:9003, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwMyxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9003
# R\C3\BCger OttoSER:9004, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwNCxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9004
# R\C3\BCger OttoSER:9005, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwNSxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9005
# R\C3\BCger OttoSER:9006, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwNixvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9006
# R\C3\BCger OttoSER:9007, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwNyxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9007
# R\C3\BCger OttoSER:9008, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwOCxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9008
# R\C3\BCger OttoSER:9009, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwOSxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9009
# search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.474 false MAMKAQA= sortResult: (0) Success control: 2.16.840.1.113730.3.4.10 false MA8CAQACAQwCAQAEBBD9LAg= vlvResult: pos=0 count=12 context=EP0sCA== (0) Success
# numResponses: 11 # numEntries: 10 Press [before/after(/offset/count|:value)] Enter for the next window.
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/9/12 #
# search result search: 3 result: 4 Size limit exceeded
# numResponses: 1
Debug output of the slapd server that concerns to this request:
daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7):
slap_listener(ldap://0.0.0.0:9389/)
daemon: listen=7, new connection on 11 daemon: added 11r (active) listener=(nil) conn=1000 fd=11 ACCEPT from IP=127.0.0.1:44124 (IP=0.0.0.0:9389) daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 2 descriptors daemon: activity on: 11r daemon: read active on 11 connection_get(11) connection_get(11): got connid=1000 connection_read(11): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 23 02 01 01 60 1e 02 0#...`.. ldap_read: want=29, got=29 0000: 01 03 04 10 63 6e 3d 6f 70 65 6e 6c 64 61 70 61 ....cn=openldapa 0010: 64 6d 69 6e 80 07 77 65 6c 63 6f 6d 65 dmin..welcome ber_get_next: tag 0x30 len 35 contents: ber_dump: buf=0x82cfda0 ptr=0x82cfda0 end=0x82cfdc3 len=35 0000: 02 01 01 60 1e 02 01 03 04 10 63 6e 3d 6f 70 65 ...`......cn=ope 0010: 6e 6c 64 61 70 61 64 6d 69 6e 80 07 77 65 6c 63 nldapadmin..welc 0020: 6f 6d 65 ome op tag 0x60, time 1274861153 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=1000 op=0 do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x82cfda0 ptr=0x82cfda3 end=0x82cfdc3 len=32 0000: 60 1e 02 01 03 04 10 63 6e 3d 6f 70 65 6e 6c 64 `......cn=openld 0010: 61 70 61 64 6d 69 6e 80 07 77 65 6c 63 6f 6d 65 apadmin..welcome ber_scanf fmt (m}) ber: ber_dump: buf=0x82cfda0 ptr=0x82cfdba end=0x82cfdc3 len=9 0000: 00 07 77 65 6c 63 6f 6d 65 ..welcome
dnPrettyNormal: <cn=openldapadmin>
=> ldap_bv2dn(cn=openldapadmin,0) <= ldap_bv2dn(cn=openldapadmin)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=openldapadmin)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=openldapadmin)=0 <<< dnPrettyNormal: <cn=openldapadmin>, <cn=openldapadmin> conn=1000 op=0 BIND dn="cn=openldapadmin" method=128 do_bind: version=3 dn="cn=openldapadmin" method=128 ==> bdb_bind: dn: cn=openldapadmin conn=1000 op=0 BIND dn="cn=openldapadmin" mech=SIMPLE ssf=0 do_bind: v3 bind: "cn=openldapadmin" to "cn=openldapadmin" send_ldap_result: conn=1000 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 11 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ conn=1000 op=0 RESULT tag=97 err=0 text= daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 2 descriptors daemon: activity on: 11r daemon: read active on 11 connection_get(11) connection_get(11): got connid=1000 connection_read(11): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 81 9f 02 01 02 63 3b 0.....c; ldap_read: want=154, got=154 0000: 04 11 6f 3d 43 75 73 74 6f 6d 65 72 43 41 2c 63 ..o=CustomerCA,c 0010: 3d 64 65 0a 01 02 0a 01 00 02 01 00 02 01 00 01 =de............. 0020: 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 ....objectclass0 0030: 0a 04 08 73 6e 63 65 72 74 6e 72 a0 5d 30 2b 04 ...sncertnr.]0+. 0040: 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 2e .1.2.840.113556. 0050: 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 0a 1.4.473.....0.0. 0060: 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 17 32 2e ..sncertnr0...2. 0070: 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 16.840.1.113730. 0080: 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 01 00 02 3.4.9.....0..... 0090: 01 09 a0 06 02 01 00 02 01 01 .......... ber_get_next: tag 0x30 len 159 contents: ber_dump: buf=0x82d01e0 ptr=0x82d01e0 end=0x82d027f len=159 0000: 02 01 02 63 3b 04 11 6f 3d 43 75 73 74 6f 6d 65 ...c;..o=Custome 0010: 72 43 41 2c 63 3d 64 65 0a 01 02 0a 01 00 02 01 rCA,c=de........ 0020: 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 .........objectc 0030: 6c 61 73 73 30 0a 04 08 73 6e 63 65 72 74 6e 72 lass0...sncertnr 0040: a0 5d 30 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 .]0+..1.2.840.11 0050: 33 35 35 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 3556.1.4.473.... 0060: 0e 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 .0.0...sncertnr0 0070: 2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 ...2.16.840.1.11 0080: 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 30 3730.3.4.9.....0 0090: 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 ............... op tag 0x63, time 1274861153 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=1000 op=1 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82d01e0 ptr=0x82d01e3 end=0x82d027f len=156 0000: 63 3b 04 11 6f 3d 43 75 73 74 6f 6d 65 72 43 41 c;..o=CustomerCA 0010: 2c 63 3d 64 65 0a 01 02 0a 01 00 02 01 00 02 01 ,c=de........... 0020: 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 ......objectclas 0030: 73 30 0a 04 08 73 6e 63 65 72 74 6e 72 a0 5d 30 s0...sncertnr.]0 0040: 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 +..1.2.840.11355 0050: 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 6.1.4.473.....0. 0060: 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 17 0...sncertnr0... 0070: 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 2.16.840.1.11373 0080: 30 2e 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 01 0.3.4.9.....0... 0090: 00 02 01 09 a0 06 02 01 00 02 01 01 ............
dnPrettyNormal: <o=CustomerCA,c=de>
=> ldap_bv2dn(o=CustomerCA,c=de,0) <= ldap_bv2dn(o=CustomerCA,c=de)=0 => ldap_dn2bv(272) <= ldap_dn2bv(o=CustomerCA,c=de)=0 => ldap_dn2bv(272) <= ldap_dn2bv(o=customerca,c=de)=0 <<< dnPrettyNormal: <o=CustomerCA,c=de>, <o=customerca,c=de> SRCH "o=CustomerCA,c=de" 2 0 0 0 0 begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d0207 end=0x82d027f len=120 0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 0a 04 ..objectclass0.. 0010: 08 73 6e 63 65 72 74 6e 72 a0 5d 30 2b 04 16 31 .sncertnr.]0+..1 0020: 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 2e 31 2e .2.840.113556.1. 0030: 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 0a 04 08 4.473.....0.0... 0040: 73 6e 63 65 72 74 6e 72 30 2e 04 17 32 2e 31 36 sncertnr0...2.16 0050: 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e .840.1.113730.3. 0060: 34 2e 39 01 01 ff 04 10 30 0e 02 01 00 02 01 09 4.9.....0....... 0070: a0 06 02 01 00 02 01 01 ........ end get_filter 0 filter: (objectClass=*) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82d01e0 ptr=0x82d0214 end=0x82d027f len=107 0000: 00 0a 04 08 73 6e 63 65 72 74 6e 72 a0 5d 30 2b ....sncertnr.]0+ 0010: 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 ..1.2.840.113556 0020: 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 .1.4.473.....0.0 0030: 0a 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 17 32 ...sncertnr0...2 0040: 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 .16.840.1.113730 0050: 2e 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 01 00 .3.4.9.....0.... 0060: 02 01 09 a0 06 02 01 00 02 01 01 ........... => get_ctrls ber_scanf fmt ({m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d0222 end=0x82d027f len=93 0000: 30 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 0+..1.2.840.1135 0010: 35 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 56.1.4.473.....0 0020: 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 .0...sncertnr0.. 0030: 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 .2.16.840.1.1137 0040: 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 30.3.4.9.....0.. 0050: 01 00 02 01 09 a0 06 02 01 00 02 01 01 ............. ber_scanf fmt (b) ber: ber_dump: buf=0x82d01e0 ptr=0x82d023c end=0x82d027f len=67 0000: 00 01 ff 04 0e 30 0c 30 0a 04 08 73 6e 63 65 72 .....0.0...sncer 0010: 74 6e 72 30 2e 04 17 32 2e 31 36 2e 38 34 30 2e tnr0...2.16.840. 0020: 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 1.113730.3.4.9.. 0030: ff 04 10 30 0e 02 01 00 02 01 09 a0 06 02 01 00 ...0............ 0040: 02 01 01 ... ber_scanf fmt (m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d023f end=0x82d027f len=64 0000: 04 0e 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 ..0.0...sncertnr 0010: 30 2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 0...2.16.840.1.1 0020: 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 13730.3.4.9..... 0030: 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 0............... => get_ctrls: oid="1.2.840.113556.1.4.473" (critical) ber_scanf fmt ({) ber: ber_dump: buf=0x82d0241 ptr=0x82d0241 end=0x82d024f len=14 0000: 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 0.0...sncertnr ber_scanf fmt ({) ber: ber_dump: buf=0x82d0241 ptr=0x82d0243 end=0x82d024f len=12 0000: 30 0a 04 08 73 6e 63 65 72 74 6e 72 0...sncertnr ber_scanf fmt (m) ber: ber_dump: buf=0x82d0241 ptr=0x82d0245 end=0x82d024f len=10 0000: 04 08 73 6e 63 65 72 74 6e 72 ..sncertnr ber_scanf fmt (}) ber: ber_dump: buf=0x82d0241 ptr=0x82d024f end=0x82d024f len=0
ber_scanf fmt ({m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d024f end=0x82d027f len=48 0000: 00 2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 ....2.16.840.1.1 0010: 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 13730.3.4.9..... 0020: 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 0............... ber_scanf fmt (b) ber: ber_dump: buf=0x82d01e0 ptr=0x82d026a end=0x82d027f len=21 0000: 00 01 ff 04 10 30 0e 02 01 00 02 01 09 a0 06 02 .....0.......... 0010: 01 00 02 01 01 ..... ber_scanf fmt (m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d026d end=0x82d027f len=18 0000: 04 10 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 ..0............. 0010: 01 01 .. => get_ctrls: oid="2.16.840.1.113730.3.4.9" (critical) ber_scanf fmt ({ii) ber: ber_dump: buf=0x82d026f ptr=0x82d026f end=0x82d027f len=16 0000: 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 0............... ber_scanf fmt ({ii}) ber: ber_dump: buf=0x82d026f ptr=0x82d0277 end=0x82d027f len=8 0000: a0 06 02 01 00 02 01 01 ........ <= get_ctrls: n=2 rc=0 err="" attrs: sncertnr conn=1000 op=1 SRCH base="o=CustomerCA,c=de" scope=2 deref=0 filter="(objectClass=*)" conn=1000 op=1 SRCH attr=sncertnr ==> sssvlv_search: <o=CustomerCA,c=de> (objectClass=*), control flag: 3 => bdb_search bdb_dn2entry("o=customerca,c=de") => bdb_dn2id("c=de") <= bdb_dn2id: got id=0x1 => bdb_dn2id("o=customerca,c=de") <= bdb_dn2id: got id=0x2 entry_decode: "o=CustomerCA,c=de" <= entry_decode(o=CustomerCA,c=de) => access_allowed: search access to "o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) search_candidates: base="o=customerca,c=de" (0x00000002) scope=2 => bdb_dn2idl("o=customerca,c=de") bdb_idl_fetch_key: @o=customerca,c=de <= bdb_dn2idl: id=12 first=2 last=13 => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates PRESENT => bdb_presence_candidates (objectClass) <= bdb_filter_candidates: id=-1 first=1 last=13 <= bdb_list_candidates: id=-1 first=2 last=13 <= bdb_filter_candidates: id=-1 first=2 last=13 bdb_search_candidates: id=-1 first=2 last=13 => test_filter PRESENT => access_allowed: search access to "o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "ou=testsuite,o=CustomerCA,c=de" <= entry_decode(ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0x3 => test_filter PRESENT => access_allowed: search access to "ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9007,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9007,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9007,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0x4 => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9007,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9008,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9008,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0x5 => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9008,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9000,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9000,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9000,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0x6 => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9000,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9001,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9001,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9001,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0x7 => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9001,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9002,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9002,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9002,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0x8 => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9002,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9003,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9003,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9003,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0x9 => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9003,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9004,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9004,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9004,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0xa => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9004,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9005,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9005,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9005,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0xb => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9005,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9006,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9006,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9006,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0xc => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9006,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 entry_decode: "cn=Rüger OttoSER:9009,ou=testsuite,o=CustomerCA,c=de" <= entry_decode(cn=Rüger OttoSER:9009,ou=testsuite,o=CustomerCA,c=de) => bdb_dn2id("cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de") <= bdb_dn2id: got id=0xd => test_filter PRESENT => access_allowed: search access to "cn=Rüger OttoSER:9009,ou=testsuite,o=CustomerCA,c=de" "objectClass" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) <= test_filter 6 send_ldap_result: conn=1000 op=1 p=3 send_ldap_result: err=0 matched="" text="" sssvlv: response control: status=0, text=<None> => bdb_entry_get: ndn: "cn=rüger ottoser:9000,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9000,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9000,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9000,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9000,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9000,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9000,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 30 2c er OttoSER:9000, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 30 9000 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 30 2c er OttoSER:9000, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 30 9000 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9001,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9001,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9001,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9001,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9001,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9001,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9001,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 31 2c er OttoSER:9001, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 31 9001 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 31 2c er OttoSER:9001, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 31 9001 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9002,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9002,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9002,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9002,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9002,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9002,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9002,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 32 2c er OttoSER:9002, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 32 9002 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 32 2c er OttoSER:9002, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 32 9002 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9003,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9003,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9003,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9003,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9003,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9003,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9003,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 33 2c er OttoSER:9003, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 33 9003 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 33 2c er OttoSER:9003, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 33 9003 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9004,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9004,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9004,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9004,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9004,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9004,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9004,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 34 2c er OttoSER:9004, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 34 9004 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 34 2c er OttoSER:9004, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 34 9004 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9005,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9005,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9005,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9005,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9005,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9005,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9005,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 35 2c er OttoSER:9005, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 35 9005 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 35 2c er OttoSER:9005, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 35 9005 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9006,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9006,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9006,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9006,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9006,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9006,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9006,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 36 2c er OttoSER:9006, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 36 9006 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 36 2c er OttoSER:9006, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 36 9006 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9007,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9007,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9007,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9007,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9007,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9007,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9007,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 37 2c er OttoSER:9007, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 37 9007 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 37 2c er OttoSER:9007, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 37 9007 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9008,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9008,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9008,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 38 2c er OttoSER:9008, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 38 9008 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 38 2c er OttoSER:9008, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 38 9008 <= send_search_entry: conn 1000 exit. => bdb_entry_get: ndn: "cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => send_search_entry: conn 1000 dn="cn=Rüger OttoSER:9009,ou=testsuite,o=CustomerCA,c=de" => access_allowed: read access to "cn=Rüger OttoSER:9009,ou=testsuite,o=CustomerCA,c=de" "entry" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) => access_allowed: result not in cache (SNcertNr) => access_allowed: read access to "cn=Rüger OttoSER:9009,ou=testsuite,o=CustomerCA,c=de" "SNcertNr" requested <= root access granted => access_allowed: read access granted by manage(=mwrscxd) conn=1000 op=1 ENTRY dn="cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de" ber_flush2: 84 bytes to sd 11 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 39 2c er OttoSER:9009, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 39 9009 ldap_write: want=84, written=84 0000: 30 52 02 01 02 64 4d 04 35 63 6e 3d 52 c3 bc 67 0R...dM.5cn=R..g 0010: 65 72 20 4f 74 74 6f 53 45 52 3a 39 30 30 39 2c er OttoSER:9009, 0020: 6f 75 3d 74 65 73 74 73 75 69 74 65 2c 6f 3d 43 ou=testsuite,o=C 0030: 75 73 74 6f 6d 65 72 43 41 2c 63 3d 64 65 30 14 ustomerCA,c=de0. 0040: 30 12 04 08 53 4e 63 65 72 74 4e 72 31 06 04 04 0...SNcertNr1... 0050: 39 30 30 39 9009 <= send_search_entry: conn 1000 exit. send_ldap_result: conn=1000 op=1 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=2 tag=101 err=0 ber_flush2: 96 bytes to sd 11 0000: 30 5e 02 01 02 65 07 0a 01 00 04 00 04 00 a0 50 0^...e.........P 0010: 30 1f 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 0...1.2.840.1135 0020: 35 36 2e 31 2e 34 2e 34 37 34 04 05 30 03 0a 01 56.1.4.474..0... 0030: 00 30 2d 04 18 32 2e 31 36 2e 38 34 30 2e 31 2e .0-..2.16.840.1. 0040: 31 31 33 37 33 30 2e 33 2e 34 2e 31 30 04 11 30 113730.3.4.10..0 0050: 0f 02 01 00 02 01 0c 02 01 00 04 04 10 fd 2c 08 ..............,. ldap_write: want=96, written=96 0000: 30 5e 02 01 02 65 07 0a 01 00 04 00 04 00 a0 50 0^...e.........P 0010: 30 1f 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 0...1.2.840.1135 0020: 35 36 2e 31 2e 34 2e 34 37 34 04 05 30 03 0a 01 56.1.4.474..0... 0030: 00 30 2d 04 18 32 2e 31 36 2e 38 34 30 2e 31 2e .0-..2.16.840.1. 0040: 31 31 33 37 33 30 2e 33 2e 34 2e 31 30 04 11 30 113730.3.4.10..0 0050: 0f 02 01 00 02 01 0c 02 01 00 04 04 10 fd 2c 08 ..............,. conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=10 text= daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 11r daemon: read active on 11 connection_get(11) connection_get(11): got connid=1000 connection_read(11): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 81 a5 02 01 03 63 3b 0.....c; ldap_read: want=160, got=160 0000: 04 11 6f 3d 43 75 73 74 6f 6d 65 72 43 41 2c 63 ..o=CustomerCA,c 0010: 3d 64 65 0a 01 02 0a 01 00 02 01 00 02 01 00 01 =de............. 0020: 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 ....objectclass0 0030: 0a 04 08 73 6e 63 65 72 74 6e 72 a0 63 30 2b 04 ...sncertnr.c0+. 0040: 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 2e .1.2.840.113556. 0050: 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 0a 1.4.473.....0.0. 0060: 04 08 73 6e 63 65 72 74 6e 72 30 34 04 17 32 2e ..sncertnr04..2. 0070: 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 16.840.1.113730. 0080: 33 2e 34 2e 39 01 01 ff 04 16 30 14 02 01 00 02 3.4.9.....0..... 0090: 01 09 a0 06 02 01 09 02 01 0c 04 04 10 fd 2c 08 ..............,. ber_get_next: tag 0x30 len 165 contents: ber_dump: buf=0x82dae00 ptr=0x82dae00 end=0x82daea5 len=165 0000: 02 01 03 63 3b 04 11 6f 3d 43 75 73 74 6f 6d 65 ...c;..o=Custome 0010: 72 43 41 2c 63 3d 64 65 0a 01 02 0a 01 00 02 01 rCA,c=de........ 0020: 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 .........objectc 0030: 6c 61 73 73 30 0a 04 08 73 6e 63 65 72 74 6e 72 lass0...sncertnr 0040: a0 63 30 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 .c0+..1.2.840.11 0050: 33 35 35 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 3556.1.4.473.... 0060: 0e 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 .0.0...sncertnr0 0070: 34 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 4..2.16.840.1.11 0080: 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 16 30 3730.3.4.9.....0 0090: 14 02 01 00 02 01 09 a0 06 02 01 09 02 01 0c 04 ................ 00a0: 04 10 fd 2c 08 ...,. op tag 0x63, time 1274861156 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=1000 op=2 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82dae00 ptr=0x82dae03 end=0x82daea5 len=162 0000: 63 3b 04 11 6f 3d 43 75 73 74 6f 6d 65 72 43 41 c;..o=CustomerCA 0010: 2c 63 3d 64 65 0a 01 02 0a 01 00 02 01 00 02 01 ,c=de........... 0020: 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 ......objectclas 0030: 73 30 0a 04 08 73 6e 63 65 72 74 6e 72 a0 63 30 s0...sncertnr.c0 0040: 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 +..1.2.840.11355 0050: 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 6.1.4.473.....0. 0060: 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 34 04 17 0...sncertnr04.. 0070: 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 2.16.840.1.11373 0080: 30 2e 33 2e 34 2e 39 01 01 ff 04 16 30 14 02 01 0.3.4.9.....0... 0090: 00 02 01 09 a0 06 02 01 09 02 01 0c 04 04 10 fd ................ 00a0: 2c 08 ,.
dnPrettyNormal: <o=CustomerCA,c=de>
=> ldap_bv2dn(o=CustomerCA,c=de,0) <= ldap_bv2dn(o=CustomerCA,c=de)=0 => ldap_dn2bv(272) <= ldap_dn2bv(o=CustomerCA,c=de)=0 => ldap_dn2bv(272) <= ldap_dn2bv(o=customerca,c=de)=0 <<< dnPrettyNormal: <o=CustomerCA,c=de>, <o=customerca,c=de> SRCH "o=CustomerCA,c=de" 2 0 0 0 0 begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82dae00 ptr=0x82dae27 end=0x82daea5 len=126 0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 0a 04 ..objectclass0.. 0010: 08 73 6e 63 65 72 74 6e 72 a0 63 30 2b 04 16 31 .sncertnr.c0+..1 0020: 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 2e 31 2e .2.840.113556.1. 0030: 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 0a 04 08 4.473.....0.0... 0040: 73 6e 63 65 72 74 6e 72 30 34 04 17 32 2e 31 36 sncertnr04..2.16 0050: 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e .840.1.113730.3. 0060: 34 2e 39 01 01 ff 04 16 30 14 02 01 00 02 01 09 4.9.....0....... 0070: a0 06 02 01 09 02 01 0c 04 04 10 fd 2c 08 ............,. end get_filter 0 filter: (objectClass=*) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82dae00 ptr=0x82dae34 end=0x82daea5 len=113 0000: 00 0a 04 08 73 6e 63 65 72 74 6e 72 a0 63 30 2b ....sncertnr.c0+ 0010: 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 ..1.2.840.113556 0020: 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 .1.4.473.....0.0 0030: 0a 04 08 73 6e 63 65 72 74 6e 72 30 34 04 17 32 ...sncertnr04..2 0040: 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 .16.840.1.113730 0050: 2e 33 2e 34 2e 39 01 01 ff 04 16 30 14 02 01 00 .3.4.9.....0.... 0060: 02 01 09 a0 06 02 01 09 02 01 0c 04 04 10 fd 2c ..............., 0070: 08 . => get_ctrls ber_scanf fmt ({m) ber: ber_dump: buf=0x82dae00 ptr=0x82dae42 end=0x82daea5 len=99 0000: 30 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 0+..1.2.840.1135 0010: 35 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 56.1.4.473.....0 0020: 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 34 04 .0...sncertnr04. 0030: 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 .2.16.840.1.1137 0040: 33 30 2e 33 2e 34 2e 39 01 01 ff 04 16 30 14 02 30.3.4.9.....0.. 0050: 01 00 02 01 09 a0 06 02 01 09 02 01 0c 04 04 10 ................ 0060: fd 2c 08 .,. ber_scanf fmt (b) ber: ber_dump: buf=0x82dae00 ptr=0x82dae5c end=0x82daea5 len=73 0000: 00 01 ff 04 0e 30 0c 30 0a 04 08 73 6e 63 65 72 .....0.0...sncer 0010: 74 6e 72 30 34 04 17 32 2e 31 36 2e 38 34 30 2e tnr04..2.16.840. 0020: 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 1.113730.3.4.9.. 0030: ff 04 16 30 14 02 01 00 02 01 09 a0 06 02 01 09 ...0............ 0040: 02 01 0c 04 04 10 fd 2c 08 .......,. ber_scanf fmt (m) ber: ber_dump: buf=0x82dae00 ptr=0x82dae5f end=0x82daea5 len=70 0000: 04 0e 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 ..0.0...sncertnr 0010: 30 34 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 04..2.16.840.1.1 0020: 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 16 13730.3.4.9..... 0030: 30 14 02 01 00 02 01 09 a0 06 02 01 09 02 01 0c 0............... 0040: 04 04 10 fd 2c 08 ....,. => get_ctrls: oid="1.2.840.113556.1.4.473" (critical) ber_scanf fmt ({) ber: ber_dump: buf=0x82dae61 ptr=0x82dae61 end=0x82dae6f len=14 0000: 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 0.0...sncertnr ber_scanf fmt ({) ber: ber_dump: buf=0x82dae61 ptr=0x82dae63 end=0x82dae6f len=12 0000: 30 0a 04 08 73 6e 63 65 72 74 6e 72 0...sncertnr ber_scanf fmt (m) ber: ber_dump: buf=0x82dae61 ptr=0x82dae65 end=0x82dae6f len=10 0000: 04 08 73 6e 63 65 72 74 6e 72 ..sncertnr ber_scanf fmt (}) ber: ber_dump: buf=0x82dae61 ptr=0x82dae6f end=0x82dae6f len=0
ber_scanf fmt ({m) ber: ber_dump: buf=0x82dae00 ptr=0x82dae6f end=0x82daea5 len=54 0000: 00 34 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 .4..2.16.840.1.1 0010: 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 16 13730.3.4.9..... 0020: 30 14 02 01 00 02 01 09 a0 06 02 01 09 02 01 0c 0............... 0030: 04 04 10 fd 2c 08 ....,. ber_scanf fmt (b) ber: ber_dump: buf=0x82dae00 ptr=0x82dae8a end=0x82daea5 len=27 0000: 00 01 ff 04 16 30 14 02 01 00 02 01 09 a0 06 02 .....0.......... 0010: 01 09 02 01 0c 04 04 10 fd 2c 08 .........,. ber_scanf fmt (m) ber: ber_dump: buf=0x82dae00 ptr=0x82dae8d end=0x82daea5 len=24 0000: 04 16 30 14 02 01 00 02 01 09 a0 06 02 01 09 02 ..0............. 0010: 01 0c 04 04 10 fd 2c 08 ......,. => get_ctrls: oid="2.16.840.1.113730.3.4.9" (critical) ber_scanf fmt ({ii) ber: ber_dump: buf=0x82dae8f ptr=0x82dae8f end=0x82daea5 len=22 0000: 30 14 02 01 00 02 01 09 a0 06 02 01 09 02 01 0c 0............... 0010: 04 04 10 fd 2c 08 ....,. ber_scanf fmt ({ii}) ber: ber_dump: buf=0x82dae8f ptr=0x82dae97 end=0x82daea5 len=14 0000: a0 06 02 01 09 02 01 0c 04 04 10 fd 2c 08 ............,. ber_scanf fmt (m) ber: ber_dump: buf=0x82dae8f ptr=0x82dae9f end=0x82daea5 len=6 0000: 04 04 10 fd 2c 08 ....,. <= get_ctrls: n=2 rc=0 err="" attrs: sncertnr conn=1000 op=2 SRCH base="o=CustomerCA,c=de" scope=2 deref=0 filter="(objectClass=*)" conn=1000 op=2 SRCH attr=sncertnr ==> sssvlv_search: <o=CustomerCA,c=de> (objectClass=*), control flag: 3 => bdb_entry_get: ndn: "cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9008,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => bdb_entry_get: ndn: "cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "cn=rüger ottoser:9009,ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 => bdb_entry_get: ndn: "o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("o=customerca,c=de") => bdb_entry_get: found entry: "o=customerca,c=de" bdb_entry_get: rc=0 => bdb_entry_get: ndn: "ou=testsuite,o=customerca,c=de" => bdb_entry_get: oc: "(null)", at: "(null)" bdb_dn2entry("ou=testsuite,o=customerca,c=de") => bdb_entry_get: found entry: "ou=testsuite,o=customerca,c=de" bdb_entry_get: rc=0 send_ldap_result: conn=1000 op=2 p=3 send_ldap_result: err=4 matched="" text="" send_ldap_response: msgid=3 tag=101 err=4 ber_flush2: 14 bytes to sd 11 0000: 30 0c 02 01 03 65 07 0a 01 04 04 00 04 00 0....e........ ldap_write: want=14, written=14 0000: 30 0c 02 01 03 65 07 0a 01 04 04 00 04 00 0....e........ conn=1000 op=2 SEARCH RESULT tag=101 err=4 nentries=0 text= daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 2 descriptors daemon: activity on: 11r daemon: read active on 11 connection_get(11) connection_get(11): got connid=1000 connection_read(11): checking for input on id=1000 ber_get_next ldap_read: want=8, got=7 0000: 30 05 02 01 04 42 00 0....B. ber_get_next: tag 0x30 len 5 contents: ber_dump: buf=0x82d1130 ptr=0x82d1130 end=0x82d1135 len=5 0000: 02 01 04 42 00 ...B. op tag 0x42, time 1274861156 ber_get_next ldap_read: want=8, got=0
ber_get_next on fd 11 failed errno=0 (Success) connection_read(11): input error=-2 id=1000, closing. connection_closing: readying conn=1000 sd=11 for close connection_close: deferring conn=1000 sd=11 conn=1000 op=3 do_unbind conn=1000 op=3 UNBIND connection_resched: attempting closing conn=1000 sd=11 connection_close: conn=1000 sd=11 daemon: removing 11 conn=1000 fd=11 closed daemon: epoll: listen=7 active_threads=0 tvp=NULL
Sending the search request again blocks the server; see output on client side:
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/0/1 #
# search result search: 2 result: 51 Server is busy text: Other sort requests already in progress
# numResponses: 1
The corresponding server debug output looks like this:
daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7):
slap_listener(ldap://0.0.0.0:9389/)
daemon: listen=7, new connection on 11 daemon: added 11r (active) listener=(nil) conn=1001 fd=11 ACCEPT from IP=127.0.0.1:37542 (IP=0.0.0.0:9389) daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 11r daemon: read active on 11 connection_get(11) connection_get(11): got connid=1001 connection_read(11): checking for input on id=1001 ber_get_next ldap_read: want=8, got=8 0000: 30 23 02 01 01 60 1e 02 0#...`.. ldap_read: want=29, got=29 0000: 01 03 04 10 63 6e 3d 6f 70 65 6e 6c 64 61 70 61 ....cn=openldapa 0010: 64 6d 69 6e 80 07 77 65 6c 63 6f 6d 65 dmin..welcome ber_get_next: tag 0x30 len 35 contents: ber_dump: buf=0x82cfcb8 ptr=0x82cfcb8 end=0x82cfcdb len=35 0000: 02 01 01 60 1e 02 01 03 04 10 63 6e 3d 6f 70 65 ...`......cn=ope 0010: 6e 6c 64 61 70 61 64 6d 69 6e 80 07 77 65 6c 63 nldapadmin..welc 0020: 6f 6d 65 ome op tag 0x60, time 1274862065 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=1001 op=0 do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x82cfcb8 ptr=0x82cfcbb end=0x82cfcdb len=32 0000: 60 1e 02 01 03 04 10 63 6e 3d 6f 70 65 6e 6c 64 `......cn=openld 0010: 61 70 61 64 6d 69 6e 80 07 77 65 6c 63 6f 6d 65 apadmin..welcome ber_scanf fmt (m}) ber: ber_dump: buf=0x82cfcb8 ptr=0x82cfcd2 end=0x82cfcdb len=9 0000: 00 07 77 65 6c 63 6f 6d 65 ..welcome
dnPrettyNormal: <cn=openldapadmin>
=> ldap_bv2dn(cn=openldapadmin,0) <= ldap_bv2dn(cn=openldapadmin)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=openldapadmin)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=openldapadmin)=0 <<< dnPrettyNormal: <cn=openldapadmin>, <cn=openldapadmin> conn=1001 op=0 BIND dn="cn=openldapadmin" method=128 do_bind: version=3 dn="cn=openldapadmin" method=128 ==> bdb_bind: dn: cn=openldapadmin conn=1001 op=0 BIND dn="cn=openldapadmin" mech=SIMPLE ssf=0 do_bind: v3 bind: "cn=openldapadmin" to "cn=openldapadmin" send_ldap_result: conn=1001 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 11 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ conn=1001 op=0 RESULT tag=97 err=0 text= daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 11r daemon: read active on 11 connection_get(11) connection_get(11): got connid=1001 connection_read(11): checking for input on id=1001 ber_get_next ldap_read: want=8, got=8 0000: 30 81 9f 02 01 02 63 3b 0.....c; ldap_read: want=154, got=154 0000: 04 11 6f 3d 43 75 73 74 6f 6d 65 72 43 41 2c 63 ..o=CustomerCA,c 0010: 3d 64 65 0a 01 02 0a 01 00 02 01 00 02 01 00 01 =de............. 0020: 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 ....objectclass0 0030: 0a 04 08 73 6e 63 65 72 74 6e 72 a0 5d 30 2b 04 ...sncertnr.]0+. 0040: 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 2e .1.2.840.113556. 0050: 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 0a 1.4.473.....0.0. 0060: 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 17 32 2e ..sncertnr0...2. 0070: 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 16.840.1.113730. 0080: 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 01 00 02 3.4.9.....0..... 0090: 01 09 a0 06 02 01 00 02 01 01 .......... ber_get_next: tag 0x30 len 159 contents: ber_dump: buf=0x82d01e0 ptr=0x82d01e0 end=0x82d027f len=159 0000: 02 01 02 63 3b 04 11 6f 3d 43 75 73 74 6f 6d 65 ...c;..o=Custome 0010: 72 43 41 2c 63 3d 64 65 0a 01 02 0a 01 00 02 01 rCA,c=de........ 0020: 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 .........objectc 0030: 6c 61 73 73 30 0a 04 08 73 6e 63 65 72 74 6e 72 lass0...sncertnr 0040: a0 5d 30 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 .]0+..1.2.840.11 0050: 33 35 35 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 3556.1.4.473.... 0060: 0e 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 .0.0...sncertnr0 0070: 2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 ...2.16.840.1.11 0080: 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 30 3730.3.4.9.....0 0090: 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 ............... op tag 0x63, time 1274862065 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=1001 op=1 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x82d01e0 ptr=0x82d01e3 end=0x82d027f len=156 0000: 63 3b 04 11 6f 3d 43 75 73 74 6f 6d 65 72 43 41 c;..o=CustomerCA 0010: 2c 63 3d 64 65 0a 01 02 0a 01 00 02 01 00 02 01 ,c=de........... 0020: 00 01 01 00 87 0b 6f 62 6a 65 63 74 63 6c 61 73 ......objectclas 0030: 73 30 0a 04 08 73 6e 63 65 72 74 6e 72 a0 5d 30 s0...sncertnr.]0 0040: 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 +..1.2.840.11355 0050: 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 6.1.4.473.....0. 0060: 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 17 0...sncertnr0... 0070: 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 2.16.840.1.11373 0080: 30 2e 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 01 0.3.4.9.....0... 0090: 00 02 01 09 a0 06 02 01 00 02 01 01 ............
dnPrettyNormal: <o=CustomerCA,c=de>
=> ldap_bv2dn(o=CustomerCA,c=de,0) <= ldap_bv2dn(o=CustomerCA,c=de)=0 => ldap_dn2bv(272) <= ldap_dn2bv(o=CustomerCA,c=de)=0 => ldap_dn2bv(272) <= ldap_dn2bv(o=customerca,c=de)=0 <<< dnPrettyNormal: <o=CustomerCA,c=de>, <o=customerca,c=de> SRCH "o=CustomerCA,c=de" 2 0 0 0 0 begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d0207 end=0x82d027f len=120 0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 0a 04 ..objectclass0.. 0010: 08 73 6e 63 65 72 74 6e 72 a0 5d 30 2b 04 16 31 .sncertnr.]0+..1 0020: 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 2e 31 2e .2.840.113556.1. 0030: 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 0a 04 08 4.473.....0.0... 0040: 73 6e 63 65 72 74 6e 72 30 2e 04 17 32 2e 31 36 sncertnr0...2.16 0050: 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 2e 33 2e .840.1.113730.3. 0060: 34 2e 39 01 01 ff 04 10 30 0e 02 01 00 02 01 09 4.9.....0....... 0070: a0 06 02 01 00 02 01 01 ........ end get_filter 0 filter: (objectClass=*) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x82d01e0 ptr=0x82d0214 end=0x82d027f len=107 0000: 00 0a 04 08 73 6e 63 65 72 74 6e 72 a0 5d 30 2b ....sncertnr.]0+ 0010: 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 35 36 ..1.2.840.113556 0020: 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 0c 30 .1.4.473.....0.0 0030: 0a 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 17 32 ...sncertnr0...2 0040: 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 33 30 .16.840.1.113730 0050: 2e 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 01 00 .3.4.9.....0.... 0060: 02 01 09 a0 06 02 01 00 02 01 01 ........... => get_ctrls ber_scanf fmt ({m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d0222 end=0x82d027f len=93 0000: 30 2b 04 16 31 2e 32 2e 38 34 30 2e 31 31 33 35 0+..1.2.840.1135 0010: 35 36 2e 31 2e 34 2e 34 37 33 01 01 ff 04 0e 30 56.1.4.473.....0 0020: 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 30 2e 04 .0...sncertnr0.. 0030: 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 31 33 37 .2.16.840.1.1137 0040: 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 30 0e 02 30.3.4.9.....0.. 0050: 01 00 02 01 09 a0 06 02 01 00 02 01 01 ............. ber_scanf fmt (b) ber: ber_dump: buf=0x82d01e0 ptr=0x82d023c end=0x82d027f len=67 0000: 00 01 ff 04 0e 30 0c 30 0a 04 08 73 6e 63 65 72 .....0.0...sncer 0010: 74 6e 72 30 2e 04 17 32 2e 31 36 2e 38 34 30 2e tnr0...2.16.840. 0020: 31 2e 31 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 1.113730.3.4.9.. 0030: ff 04 10 30 0e 02 01 00 02 01 09 a0 06 02 01 00 ...0............ 0040: 02 01 01 ... ber_scanf fmt (m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d023f end=0x82d027f len=64 0000: 04 0e 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 ..0.0...sncertnr 0010: 30 2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 0...2.16.840.1.1 0020: 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 13730.3.4.9..... 0030: 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 0............... => get_ctrls: oid="1.2.840.113556.1.4.473" (critical) ber_scanf fmt ({) ber: ber_dump: buf=0x82d0241 ptr=0x82d0241 end=0x82d024f len=14 0000: 30 0c 30 0a 04 08 73 6e 63 65 72 74 6e 72 0.0...sncertnr ber_scanf fmt ({) ber: ber_dump: buf=0x82d0241 ptr=0x82d0243 end=0x82d024f len=12 0000: 30 0a 04 08 73 6e 63 65 72 74 6e 72 0...sncertnr ber_scanf fmt (m) ber: ber_dump: buf=0x82d0241 ptr=0x82d0245 end=0x82d024f len=10 0000: 04 08 73 6e 63 65 72 74 6e 72 ..sncertnr ber_scanf fmt (}) ber: ber_dump: buf=0x82d0241 ptr=0x82d024f end=0x82d024f len=0
ber_scanf fmt ({m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d024f end=0x82d027f len=48 0000: 00 2e 04 17 32 2e 31 36 2e 38 34 30 2e 31 2e 31 ....2.16.840.1.1 0010: 31 33 37 33 30 2e 33 2e 34 2e 39 01 01 ff 04 10 13730.3.4.9..... 0020: 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 0............... ber_scanf fmt (b) ber: ber_dump: buf=0x82d01e0 ptr=0x82d026a end=0x82d027f len=21 0000: 00 01 ff 04 10 30 0e 02 01 00 02 01 09 a0 06 02 .....0.......... 0010: 01 00 02 01 01 ..... ber_scanf fmt (m) ber: ber_dump: buf=0x82d01e0 ptr=0x82d026d end=0x82d027f len=18 0000: 04 10 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 ..0............. 0010: 01 01 .. => get_ctrls: oid="2.16.840.1.113730.3.4.9" (critical) ber_scanf fmt ({ii) ber: ber_dump: buf=0x82d026f ptr=0x82d026f end=0x82d027f len=16 0000: 30 0e 02 01 00 02 01 09 a0 06 02 01 00 02 01 01 0............... ber_scanf fmt ({ii}) ber: ber_dump: buf=0x82d026f ptr=0x82d0277 end=0x82d027f len=8 0000: a0 06 02 01 00 02 01 01 ........ <= get_ctrls: n=2 rc=0 err="" attrs: sncertnr conn=1001 op=1 SRCH base="o=CustomerCA,c=de" scope=2 deref=0 filter="(objectClass=*)" conn=1001 op=1 SRCH attr=sncertnr ==> sssvlv_search: <o=CustomerCA,c=de> (objectClass=*), control flag: 3 send_ldap_result: conn=1001 op=1 p=3 send_ldap_result: err=51 matched="" text="Other sort requests already in progress" send_ldap_response: msgid=2 tag=101 err=51 ber_flush2: 53 bytes to sd 11 0000: 30 33 02 01 02 65 2e 0a 01 33 04 00 04 27 4f 74 03...e...3...'Ot 0010: 68 65 72 20 73 6f 72 74 20 72 65 71 75 65 73 74 her sort request 0020: 73 20 61 6c 72 65 61 64 79 20 69 6e 20 70 72 6f s already in pro 0030: 67 72 65 73 73 gress ldap_write: want=53, written=53 0000: 30 33 02 01 02 65 2e 0a 01 33 04 00 04 27 4f 74 03...e...3...'Ot 0010: 68 65 72 20 73 6f 72 74 20 72 65 71 75 65 73 74 her sort request 0020: 73 20 61 6c 72 65 61 64 79 20 69 6e 20 70 72 6f s already in pro 0030: 67 72 65 73 73 gress conn=1001 op=1 SEARCH RESULT tag=101 err=51 nentries=0 text=Other sort requests already in progress daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: 11r daemon: read active on 11 connection_get(11) connection_get(11): got connid=1001 connection_read(11): checking for input on id=1001 ber_get_next ldap_read: want=8, got=7 0000: 30 05 02 01 03 42 00 0....B. ber_get_next: tag 0x30 len 5 contents: ber_dump: buf=0x82d01e0 ptr=0x82d01e0 end=0x82d01e5 len=5 0000: 02 01 03 42 00 ...B. op tag 0x42, time 1274862065 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=1001 op=2 do_unbind conn=1001 op=2 UNBIND connection_closing: readying conn=1001 sd=11 for close connection_resched: attempting closing conn=1001 sd=11 connection_close: conn=1001 sd=11 daemon: removing 11 conn=1001 fd=11 closed daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=NULL
Any ideas?
Regards, Hartmut
-----Ursprüngliche Nachricht----- Von: openldap-technical-bounces+hartmut.lehnert=secunet.com@OpenLDAP.org [mailto:openldap-technical-bounces+hartmut.lehnert=secunet.com@OpenLDAP.org] Im Auftrag von Dieter Kluenter Gesendet: Dienstag, 25. Mai 2010 18:26 An: openldap-technical@openldap.org Betreff: Re: use of server-side sorting and virtual list view controlsblocks slapd
Am Tue, 25 May 2010 16:16:52 +0200 hi Hartmut,
schrieb "Lehnert, Hartmut" Hartmut.Lehnert@secunet.com:
Hi Dieter! We tried Sizelimit unlimited
Limits have to be defined on both sides server side and client side.
In slapd.conf, but the effect is the same, slapd answers "size limit exceeded". The search request command is
/home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s children -E!sss="sncertnr:2.5.13.3" -E!vlv="0/9/0/1:objectclass=SN-ISIS-MTT-MainCert" "objectclass=*" sncertnr
Is the ordering matching rule caseIgnoreOrderingMatch (oid 2.5.13.3) correct for sncertnr attribute type? Why are you adding objectclass0* to your search string?
Besides this effect we only have 10 records stored in the LDAP database ;-)
OK, then something weird is happening, could you run slapd in debugging mode?
For the supported features see the following list:
openldap@ocsp-openldap24:~/openldap-snacc-2.3.6/c-lib> /home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b "" -s base +
[...]
The OID 1.3.6.1.4.1.4203.666.8.1 is missing here but this OID is marked as kind of experimental. Why do I need this feature and how can I enable this?
Your search scope is defined as '-s children', the oid of this feature is the above mentioned oid. Your compiled slapd version does not understand -s children, thus applying default setting of -s sub, you probably should apply -s one.
-Dieter
"Lehnert, Hartmut" Hartmut.Lehnert@secunet.com writes:
Hi Dieter!
I use the search command
/home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s sub -E!sss="sncertnr" -E!vlv="0/9/0/1:objectclass=SN-ISIS-MTT-MainCert" sncertnr
I just wonder that you don't get an error, something like: result: 18 Inappropriate matching text: serverSort control: No ordering rule because you don't provide an ordering rule for sncertnr
On client side this looks like as follows:
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/0/1 #
# R\C3\BCger OttoSER:9000, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwMCxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9000
[SNcertNr: from 9001 to 9008]
# R\C3\BCger OttoSER:9009, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwOSxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9009
# search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.474 false MAMKAQA= sortResult: (0) Success control: 2.16.840.1.113730.3.4.10 false MA8CAQACAQwCAQAEBBD9LAg= vlvResult: pos=0 count=12 context=EP0sCA== (0) Success # numResponses: 11 # numEntries: 10 Press [before/after(/offset/count|:value)] Enter for the next window.
According to your virtual view values you require 9 entries, out of 12 and you recieved 10 Did you press Return in oder to present the next entries out of a total of 12?
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/9/12 #
# search result search: 3 result: 4 Size limit exceeded
# numResponses: 1
It seems you have started a new search without interrupting the previous search.
Debug output of the slapd server that concerns to this request:
daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7):
slap_listener(ldap://0.0.0.0:9389/)
daemon: listen=7, new connection on 11 daemon: added 11r (active) listener=(nil) conn=1000 fd=11 ACCEPT from IP=127.0.0.1:44124 (IP=0.0.0.0:9389)
[...]
conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=10 text=
For connection 10 entries were found
[...]
ber_get_next on fd 11 failed errno=0 (Success) connection_read(11): input error=-2 id=1000, closing. connection_closing: readying conn=1000 sd=11 for close connection_close: deferring conn=1000 sd=11 conn=1000 op=3 do_unbind conn=1000 op=3 UNBIND connection_resched: attempting closing conn=1000 sd=11 connection_close: conn=1000 sd=11 daemon: removing 11 conn=1000 fd=11 closed daemon: epoll: listen=7 active_threads=0 tvp=NULL
Here connection 1000 got unbind and the connection has been closed, and 0 active threads.
Sending the search request again blocks the server; see output on client side:
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/0/1 #
# search result search: 2 result: 51 Server is busy text: Other sort requests already in progress
The corresponding server debug output looks like this:
daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7):
slap_listener(ldap://0.0.0.0:9389/)
daemon: listen=7, new connection on 11 daemon: added 11r (active) listener=(nil) conn=1001 fd=11 ACCEPT from IP=127.0.0.1:37542 (IP=0.0.0.0:9389)
[...]
conn=1001 op=0 BIND dn="cn=openldapadmin" method=128 do_bind: version=3 dn="cn=openldapadmin" method=128 ==> bdb_bind: dn: cn=openldapadmin conn=1001 op=0 BIND dn="cn=openldapadmin" mech=SIMPLE ssf=0 do_bind: v3 bind: "cn=openldapadmin" to "cn=openldapadmin" send_ldap_result: conn=1001 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=97 err=0
[...]
=> get_ctrls: oid="2.16.840.1.113730.3.4.9" (critical) ber_scanf fmt ({ii) ber:
[...]
conn=1001 op=1 SEARCH RESULT tag=101 err=51 nentries=0 text=Other sort requests already in progress
ldap_read: want=8 error=Resource temporarily unavailable conn=1001 op=2 do_unbind conn=1001 op=2 UNBIND connection_closing: readying conn=1001 sd=11 for close connection_resched: attempting closing conn=1001 sd=11 connection_close: conn=1001 sd=11 daemon: removing 11 conn=1001 fd=11 closed
I must admit I have no clue, and I cannot reproduce, neither on openldap-2.4.21 nor on openldap HEAD.
Could you please try without criticallity? that is without exclamation mark (!).
-Dieter
Hello Dieter! I got the error "serverSort control: No ordering rule" before I altered the LDAP schema adding an ordering rule:
attributetype ( OCSP-R-LDAP-attributetype:10 NAME 'SNcertNr' DESC 'secunet OCSP-R-LDAP-attributetype:10' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
After receiving 10 entries on client side I press "enter" but after that the client immediately outputs the "sizelimit exceeded stuff".
It doesn't matter if I mark the extensions as critical or not: the effect remains the same ("sizelimit exceeded").
Regards, Hartmut
-----Ursprüngliche Nachricht----- Von: openldap-technical-bounces+hartmut.lehnert=secunet.com@OpenLDAP.org [mailto:openldap-technical-bounces+hartmut.lehnert=secunet.com@OpenLDAP.org] Im Auftrag von Dieter Kluenter Gesendet: Mittwoch, 26. Mai 2010 18:37 An: openldap-technical@openldap.org Betreff: Re: use of server-side sorting and virtual list view controlsblocksslapd
"Lehnert, Hartmut" Hartmut.Lehnert@secunet.com writes:
Hi Dieter!
I use the search command
/home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s sub -E!sss="sncertnr" -E!vlv="0/9/0/1:objectclass=SN-ISIS-MTT-MainCert" sncertnr
I just wonder that you don't get an error, something like: result: 18 Inappropriate matching text: serverSort control: No ordering rule because you don't provide an ordering rule for sncertnr
On client side this looks like as follows:
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/0/1 #
# R\C3\BCger OttoSER:9000, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwMCxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9000
[SNcertNr: from 9001 to 9008]
# R\C3\BCger OttoSER:9009, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwOSxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9009
# search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.474 false MAMKAQA= sortResult: (0) Success control: 2.16.840.1.113730.3.4.10 false MA8CAQACAQwCAQAEBBD9LAg= vlvResult: pos=0 count=12 context=EP0sCA== (0) Success # numResponses: 11 # numEntries: 10 Press [before/after(/offset/count|:value)] Enter for the next window.
According to your virtual view values you require 9 entries, out of 12 and you recieved 10 Did you press Return in oder to present the next entries out of a total of 12?
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/9/12 #
# search result search: 3 result: 4 Size limit exceeded
# numResponses: 1
It seems you have started a new search without interrupting the previous search.
Debug output of the slapd server that concerns to this request:
daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7):
slap_listener(ldap://0.0.0.0:9389/)
daemon: listen=7, new connection on 11 daemon: added 11r (active) listener=(nil) conn=1000 fd=11 ACCEPT from IP=127.0.0.1:44124 (IP=0.0.0.0:9389)
[...]
conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=10 text=
For connection 10 entries were found
[...]
ber_get_next on fd 11 failed errno=0 (Success) connection_read(11): input error=-2 id=1000, closing. connection_closing: readying conn=1000 sd=11 for close connection_close: deferring conn=1000 sd=11 conn=1000 op=3 do_unbind conn=1000 op=3 UNBIND connection_resched: attempting closing conn=1000 sd=11 connection_close: conn=1000 sd=11 daemon: removing 11 conn=1000 fd=11 closed daemon: epoll: listen=7 active_threads=0 tvp=NULL
Here connection 1000 got unbind and the connection has been closed, and 0 active threads.
Sending the search request again blocks the server; see output on client side:
# extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope subtree # filter: (objectclass=*) # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/9/0/1 #
# search result search: 2 result: 51 Server is busy text: Other sort requests already in progress
The corresponding server debug output looks like this:
daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7):
slap_listener(ldap://0.0.0.0:9389/)
daemon: listen=7, new connection on 11 daemon: added 11r (active) listener=(nil) conn=1001 fd=11 ACCEPT from IP=127.0.0.1:37542 (IP=0.0.0.0:9389)
[...]
conn=1001 op=0 BIND dn="cn=openldapadmin" method=128 do_bind: version=3 dn="cn=openldapadmin" method=128 ==> bdb_bind: dn: cn=openldapadmin conn=1001 op=0 BIND dn="cn=openldapadmin" mech=SIMPLE ssf=0 do_bind: v3 bind: "cn=openldapadmin" to "cn=openldapadmin" send_ldap_result: conn=1001 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=97 err=0
[...]
=> get_ctrls: oid="2.16.840.1.113730.3.4.9" (critical) ber_scanf fmt ({ii) ber:
[...]
conn=1001 op=1 SEARCH RESULT tag=101 err=51 nentries=0 text=Other sort requests already in progress
ldap_read: want=8 error=Resource temporarily unavailable conn=1001 op=2 do_unbind conn=1001 op=2 UNBIND connection_closing: readying conn=1001 sd=11 for close connection_resched: attempting closing conn=1001 sd=11 connection_close: conn=1001 sd=11 daemon: removing 11 conn=1001 fd=11 closed
I must admit I have no clue, and I cannot reproduce, neither on openldap-2.4.21 nor on openldap HEAD.
Could you please try without criticallity? that is without exclamation mark (!).
-Dieter
"Lehnert, Hartmut" Hartmut.Lehnert@secunet.com writes:
Hello Dieter! I got the error "serverSort control: No ordering rule" before I altered the LDAP schema adding an ordering rule:
attributetype ( OCSP-R-LDAP-attributetype:10 NAME 'SNcertNr' DESC 'secunet OCSP-R-LDAP-attributetype:10' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
After receiving 10 entries on client side I press "enter" but after that the client immediately outputs the "sizelimit exceeded stuff".
It doesn't matter if I mark the extensions as critical or not: the effect remains the same ("sizelimit exceeded").
I must admit, I have no clue. I just can't reproduce this error on my systems.
-Dieter
openldap-technical@openldap.org
-
Dieter Kluenter -
Lehnert, Hartmut