
Re: (ITS#7008) paged results against ldap-proxy errors with 'cookie is invalid'




--On Tuesday, August 02, 2011 02:16:27 PM -0700 Howard Chu <hyc@symas.com> wrote:

> whm@stanford.edu wrote:
>> --On Tuesday, August 02, 2011 11:03:24 AM -0700 Quanah Gibson-Mount<quanah@zimbra.com>  wrote:
>>
>>> --On Tuesday, August 02, 2011 5:54 PM +0000 whm@stanford.edu wrote:
>>>>>> Your log shows that the subsequent search request initiates a new
>>>>>> Bind to the remote server, which implies that it's not re-using the
>>>>>> same connection as the first request. Since a paged results cookie
>>>>>> is only valid within the context of a single connection, you get
>>>>>> this error result.
>>>>>
>>>>> Not sure which log you are looking at.  When I look at the log:
>>>>>
>>>>> http://www.stanford.edu/~whm/files/ldap-debugging/slapd-trace-paged-results.log.gz
>>>>>
>>>>> The only connection I see in the log is conn=1000 and it ends with:
>>>>>
>>>>> conn=1000 op=5 SEARCH RESULT tag=101 err=2 nentries=0 text=paged results cookie is invalid
>>>>> ldap_read: want=8, got=7
>>>>>    0000:  30 05 02 01 07 42 00                               0....B.
>>>>> ldap_read: want=8, got=0
>>>>>
>>>>> conn=1000 op=6 UNBIND
>>>>> conn=1000 fd=11 closed
>>>>>
>>>>> These tests were made with a single ldapsearch request.  The ldapsearch
>>>>> tests fail when using the proxy and succeed when connecting directly to
>>>>> the LDAP server with the database on it.
>>>>>
>>>>> A side note: the test case I submitted used ldapsearch, but the
>>>>> problem was uncovered using a python application that is used for
>>>>> syncing Gmail account data.
>>>>>
>>>>> Bill
>>>>
>>>> I have copied the backend server configuration to
>>>> http://www.stanford.edu/~whm/files/ldap-debugging/.  I dumped a
>>>> copy of cn=config and there is a files-based version in the ldap
>>>> subdirectory as well.
>>>
>>> Where's the configuration for the slapd-ldap server?  That's of the
>>> most importance...
>>>
>>> --Quanah
>>
>> Of course, sorry about that.  I have copied the files to the web site.
>
> Sounds like this may be related to ITS#6817. Please try adding a
> dummy binddn to your idassert-bind directive and re-test.

I modified the configuration to include:

idassert-bind bindmethod=SASL
              saslmech=GSSAPI
              mode=none
              binddn=cn=auth

I am still getting the invalid-cookie error.

 % ldapsearch -E pr=1000/noprompt -x -b "cn=people,dc=stanford,dc=edu" -h localhost "(&(objectclass=suPerson)(suVisibIdentity=world))" ou telephonenumber title
 ...lots of entries...
 # search result
 search: 2
 result: 0 Success
 control: 1.2.840.113556.1.4.319 false MA0CAQAECGIdAAAAAAAA
 pagedresults: cookie=Yh0AAAAAAAA=
 # extended LDIF
 #
 # LDAPv3
 # base <cn=people,dc=stanford,dc=edu> with scope subtree
 # filter: (&(objectclass=suPerson)(suVisibIdentity=world))
 # requesting: ou telephonenumber title
 # with pagedResults control: size=1000
 #

 # search result
 search: 3
 result: 2 Protocol error
 text: paged results cookie is invalid

 # numResponses: 1002
 # numEntries: 1000

Bill

-- 

Bill MacAllister
Infrastructure Delivery Group, Stanford University