Hi all, We encounter a problem using server-side sort and
virtual list view controls in our search requests. After sending one search
requests the slapd remains busy until it is restarted: Executing the command /home/openldap/openldap- Generates the following output: # extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope children # filter: objectclass=* # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/0/1/0 # # R\C3\BCger OttoSER:9000, testsuite, CustomerCA, de dn::
Y249UsO8Z2VyIE90dG9TRVI6OTAwMCxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9000 # search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.474 false MAMKAQA= sortResult: (0) Success control: 2.16.840.1.113730. vlvResult: pos=1 count=11 context=kHgsCA== (0)
Success # numResponses: 2 # numEntries: 1 Press [before/after(/offset/count|:value)] Enter for
the next window. # extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope children # filter: objectclass=* # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/0/1/11 # # search result search: 3 result: 4 Size limit exceeded # numResponses: 1 Why is the size limit exceeded here? Executing the same command once more produces the
following output: # extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope children # filter: objectclass=* # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/0/1/0 # # search result search: 2 result: 51 Server is busy text: Other sort requests already in progress # numResponses: 1 Now slapd doesn’t accept sssvlv requests
anymore, it has to be restarted. Here is the content of slapd.conf: # # See slapd.conf(5) for details on configuration
options. # This file should NOT be world readable. # include
/home/openldap/openldap- include
/home/openldap/openldap- include
/home/openldap/openldap- # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a
working directory # service AND an understanding of referrals. #referral
ldap://root.openldap.org pidfile
/home/openldap/openldap- argsfile
/home/openldap/openldap- # Load dynamic backend modules: modulepath
/home/openldap/openldap- # modulepath
/usr/local/libexec/openldap moduleload back_bdb.la # moduleload back_hdb.la # moduleload back_ldap.la # moduleload
/home/openldap/openldap- # moduleload
/home/openldap/openldap- # moduleload compmatch.la # overlay server-side-sorting + virtual list view: overlay sssvlv # Sets the maximum number of
concurrent sort requests allowed # across all connections; the default is one half of
the number of # server threads: sssvlv-max 8 # Sets the maximum number of keys allowed
in a sort request; the # default is 5: sssvlv-maxkeys 5 # Sample security restrictions # Require
integrity protection (prevent hijacking) # Require 112-bit
(3DES or better) encryption for updates # Require 63-bit
encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow
anyone to read it # Subschema
(sub)entry DSE: allow anyone to read it # Other DSEs: # Allow
self write access #
Allow authenticated users read access #
Allow anonymous users to authenticate # Directives
needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by *
read # access to * # by self write # by users read # by anonymous
auth # # if no access controls are present, the default
policy # allows anyone and everyone to read anything but
restricts # updates to rootdn. (e.g., "access to * by
* read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database
bdb suffix
"" rootdn
"cn=openldapadmin" # Cleartext passwords, especially for the rootdn,
should # be avoid. See slappasswd(8) and slapd.conf(5)
for details. # Use of strong authentication encouraged. rootpw
welcome # The database directory MUST exist prior to running
slapd AND # should only be accessible by the slapd and slap
tools. # Mode 700 recommended. directory
/home/openldap/openldap- # Indices to maintain index objectClass
eq index
c eq index
o eq index ou eq index
sncertnr eq index
sncerthash eq index snissuerkeyhash eq index
snissuernamehash eq Does anybody have an idea? Executing this command against a Sun DS 6 server
doesn’t generate this problem. Regards, Hartmut |