[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: disable simple paged results control support?!
On Thu, 27 Aug 2015, Igor Shmukler wrote:
olcSizeLimit: size.prtotal=disabled
What is wrong with the LDIF? It was successfully applied using
ldapmodify(1), yet my server still does not throw an unsupported
control, instead providing clients with paged results.
You can see how prtotal=disabled is supposed to work with test025, e.g.
$ ../clients/tools/ldapsearch -P 3 -x -S uid -b 'dc=example,dc=com' -h localhost -p 9011 -w secret -D 'cn=Paged Results Disabled User,ou=Paged Results Users,dc=example,dc=com' -E '!pr=5/noprompt' -b 'dc=example,dc=com' '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
# with pagedResults critical control: size=5
#
# search result
search: 2
result: 11 Administrative limit exceeded
text: pagedResults control not allowed
# numResponses: 1
so perhaps turn up your slapd logging and see if you're sending that
result. And you mention "unsupported control," but these are
administrative limits, it's not like this deletes the code from slapd. For
example again with test025 and assuming you don't --enable-sssvlv=yes:
$ ../clients/tools/ldapsearch -P 3 -x -S uid -b 'dc=example,dc=com' -h localhost -p 9011 -E '!sss=mail:caseIgnoreIA5Match' -b 'dc=example,dc=com' '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
# with server side sorting critical control
#
# search result
search: 2
result: 12 Critical extension is unavailable
text: critical extension is not recognized
# numResponses: 1
Note that one practical, albeit somewhat evil, method to deal with
confused clients can be to disallow them access to the supportedControl.
# VLV, for instance
access to dn.exact=""
attrs=supportedControl
val/objectIdentifierMatch.exact=2.16.840.1.113730.3.4.9
by <foolishClient> none