[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: disable simple paged results control support?!



On Thu, 27 Aug 2015, Igor Shmukler wrote:

olcSizeLimit: size.prtotal=disabled

What is wrong with the LDIF? It was successfully applied using
ldapmodify(1), yet my server still does not throw an unsupported
control, instead providing clients with paged results.

You can see how prtotal=disabled is supposed to work with test025, e.g.

$ ../clients/tools/ldapsearch -P 3 -x -S uid -b 'dc=example,dc=com' -h localhost -p 9011 -w secret -D 'cn=Paged Results Disabled User,ou=Paged Results Users,dc=example,dc=com' -E '!pr=5/noprompt' -b 'dc=example,dc=com'  '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
# with pagedResults critical control: size=5
#

# search result
search: 2
result: 11 Administrative limit exceeded
text: pagedResults control not allowed

# numResponses: 1


so perhaps turn up your slapd logging and see if you're sending that result. And you mention "unsupported control," but these are administrative limits, it's not like this deletes the code from slapd. For example again with test025 and assuming you don't --enable-sssvlv=yes:

$ ../clients/tools/ldapsearch -P 3 -x -S uid -b 'dc=example,dc=com' -h localhost -p 9011 -E '!sss=mail:caseIgnoreIA5Match' -b 'dc=example,dc=com'  '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
# with server side sorting critical control
#

# search result
search: 2
result: 12 Critical extension is unavailable
text: critical extension is not recognized

# numResponses: 1


Note that one practical, albeit somewhat evil, method to deal with confused clients can be to disallow them access to the supportedControl.

# VLV, for instance
access to dn.exact=""
        attrs=supportedControl
        val/objectIdentifierMatch.exact=2.16.840.1.113730.3.4.9
        by <foolishClient> none