|
Hi again, Here the logfile from a search process. The Server find the right entry, but then search till all entries are touched…. Any ideas? ------------------------------------------ 55e6fd47 daemon: activity on 1 descriptor 55e6fd47 daemon: activity on:55e6fd47 16r55e6fd47 55e6fd47 daemon: read active on 16 55e6fd47 daemon: epoll: listen=7 active_threads=0 tvp=zero 55e6fd47 daemon: epoll: listen=8 active_threads=0 tvp=zero 55e6fd47 connection_get(16) 55e6fd47 connection_get(16): got connid=1000 55e6fd47 connection_read(16): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 81 82 02 01 0d 63 7d 0.....c} ldap_read: want=125, got=125 0000: 04 26 64 63 3d 6f 72 67 61 6e 69 7a 61 74 69 6f .&dc=organizatio 0010: 6e 73 2c 64 63 3d 76 66 6b 2c 64 63 3d 6c 64 61 ns,dc=vfk,dc=lda 0020: 70 2c 64 63 3d 63 6f 6d 0a 01 01 0a 01 00 02 02 p,dc=com........ 0030: 03 e8 02 01 00 01 01 00 a0 34 a3 12 04 01 6f 04 .........4....o. 0040: 0d 6f 72 67 61 6e 69 73 61 74 69 6f 6e 31 a3 1e .organisation1.. 0050: 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 0f 76 ..objectClass..v 0060: 66 6b 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 30 0d fkOrganization0. 0070: 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 ..objectClass ber_get_next: tag 0x30 len 130 contents: ber_dump: buf=0x7f0fbc106140 ptr=0x7f0fbc106140 end=0x7f0fbc1061c2 len=130 0000: 02 01 0d 63 7d 04 26 64 63 3d 6f 72 67 61 6e 69 ...c}.&dc=organi 0010: 7a 61 74 69 6f 6e 73 2c 64 63 3d 76 66 6b 2c 64 zations,dc=vfk,d 0020: 63 3d 6c 64 61 70 2c 64 63 3d 63 6f 6d 0a 01 01 c=ldap,dc=com... 0030: 0a 01 00 02 02 03 e8 02 01 00 01 01 00 a0 34 a3 ..............4. 0040: 12 04 01 6f 04 0d 6f 72 67 61 6e 69 73 61 74 69 ...o..organisati 0050: 6f 6e 31 a3 1e 04 0b 6f 62 6a 65 63 74 43 6c 61 on1....objectCla 0060: 73 73 04 0f 76 66 6b 4f 72 67 61 6e 69 7a 61 74 ss..vfkOrganizat 0070: 69 6f 6e 30 0d 04 0b 6f 62 6a 65 63 74 43 6c 61 ion0...objectCla 0080: 73 73 ss 55e6fd47 op tag 0x63, time 1441201479 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 55e6fd47 daemon: activity on 1 descriptor 55e6fd47 daemon: activity on:55e6fd47 55e6fd47 daemon: epoll: listen=7 active_threads=0 tvp=zero 55e6fd47 daemon: epoll: listen=8 active_threads=0 tvp=zero 55e6fd47 conn=1000 op=12 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x7f0fbc106140 ptr=0x7f0fbc106143 end=0x7f0fbc1061c2 len=127 0000: 63 7d 04 26 64 63 3d 6f 72 67 61 6e 69 7a 61 74 c}.&dc=organizat 0010: 69 6f 6e 73 2c 64 63 3d 76 66 6b 2c 64 63 3d 6c ions,dc=vfk,dc=l 0020: 64 61 70 2c 64 63 3d 63 6f 6d 0a 01 01 0a 01 00 dap,dc=com...... 0030: 02 02 03 e8 02 01 00 01 01 00 a0 34 a3 12 04 01 ...........4.... 0040: 6f 04 0d 6f 72 67 61 6e 69 73 61 74 69 6f 6e 31 o..organisation1 0050: a3 1e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 ....objectClass. 0060: 0f 76 66 6b 4f 72 67 61 6e 69 7a 61 74 69 6f 6e .vfkOrganization 0070: 30 0d 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 0...objectClass 55e6fd47 >>> dnPrettyNormal: <dc=organizations,dc=vfk,dc=ldap,dc=com> => ldap_bv2dn(dc=organizations,dc=vfk,dc=ldap,dc=com,0) <= ldap_bv2dn(dc=organizations,dc=vfk,dc=ldap,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=organizations,dc=vfk,dc=ldap,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=organizations,dc=vfk,dc=ldap,dc=com)=0 55e6fd47 <<< dnPrettyNormal: <dc=organizations,dc=vfk,dc=ldap,dc=com>, <dc=organizations,dc=vfk,dc=ldap,dc=com> 55e6fd47 SRCH "dc=organizations,dc=vfk,dc=ldap,dc=com" 1 055e6fd47 1000 0 0 55e6fd47 begin get_filter 55e6fd47 AND 55e6fd47 begin get_filter_list 55e6fd47 begin get_filter 55e6fd47 EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x7f0fbc106140 ptr=0x7f0fbc10617f end=0x7f0fbc1061c2 len=67 0000: a3 12 04 01 6f 04 0d 6f 72 67 61 6e 69 73 61 74 ....o..organisat 0010: 69 6f 6e 31 a3 1e 04 0b 6f 62 6a 65 63 74 43 6c ion1....objectCl 0020: 61 73 73 04 0f 76 66 6b 4f 72 67 61 6e 69 7a 61 ass..vfkOrganiza 0030: 74 69 6f 6e 30 0d 04 0b 6f 62 6a 65 63 74 43 6c tion0...objectCl 0040: 61 73 73 ass 55e6fd47 end get_filter 0 55e6fd47 begin get_filter 55e6fd47 EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x7f0fbc106140 ptr=0x7f0fbc106193 end=0x7f0fbc1061c2 len=47 0000: 00 1e 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 ....objectClass. 0010: 0f 76 66 6b 4f 72 67 61 6e 69 7a 61 74 69 6f 6e .vfkOrganization 0020: 30 0d 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 0...objectClass 55e6fd47 end get_filter 0 55e6fd47 end get_filter_list 55e6fd47 end get_filter 0 55e6fd47 filter: (&(o=organisation1)(objectClass=vfkOrganization)) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x7f0fbc106140 ptr=0x7f0fbc1061b3 end=0x7f0fbc1061c2 len=15 0000: 00 0d 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 ....objectClass 55e6fd47 attrs:55e6fd47 objectClass55e6fd47 55e6fd47 conn=1000 op=12 SRCH base="dc=organizations,dc=vfk,dc=ldap,dc=com" scope=1 deref=0 filter="(&(o=organisation1)(objectClass=vfkOrganization))" 55e6fd47 conn=1000 op=12 SRCH attr=objectClass 55e6fd47 => hdb_search 55e6fd47 bdb_dn2entry("dc=organizations,dc=vfk,dc=ldap,dc=com") 55e6fd47 => access_allowed: search access to "dc=organizations,dc=vfk,dc=ldap,dc=com" "entry" requested 55e6fd47 <= root access granted 55e6fd47 => access_allowed: search access granted by manage(=mwrscxd) 55e6fd47 search_candidates: base="dc=organizations,dc=vfk,dc=ldap,dc=com" (0x00000015) scope=1 55e6fd47 => hdb_dn2idl("dc=organizations,dc=vfk,dc=ldap,dc=com") 55e6fd47 => bdb_filter_candidates 55e6fd47 AND 55e6fd47 => bdb_list_candidates 0xa0 55e6fd47 => bdb_filter_candidates 55e6fd47 OR 55e6fd47 => bdb_list_candidates 0xa1 55e6fd47 => bdb_filter_candidates 55e6fd47 EQUALITY 55e6fd47 => bdb_equality_candidates (objectClass) 55e6fd47 => key_read 55e6fd47 bdb_idl_fetch_key: [b49d1940] 55e6fd47 <= bdb_index_read: failed (-30988) 55e6fd47 <= bdb_equality_candidates: id=0, first=0, last=0 55e6fd47 <= bdb_filter_candidates: id=0 first=0 last=0 55e6fd47 => bdb_filter_candidates 55e6fd47 AND 55e6fd47 => bdb_list_candidates 0xa0 55e6fd47 => bdb_filter_candidates 55e6fd47 EQUALITY 55e6fd47 => bdb_equality_candidates (o) 55e6fd47 <= bdb_equality_candidates: (o) not indexed 55e6fd47 <= bdb_filter_candidates: id=-1 first=1 last=130485 55e6fd47 => bdb_filter_candidates 55e6fd47 EQUALITY 55e6fd47 => bdb_equality_candidates (objectClass) 55e6fd47 => key_read 55e6fd47 bdb_idl_fetch_key: [63fb4940] 55e6fd47 <= bdb_index_read 3 candidates 55e6fd47 <= bdb_equality_candidates: id=3, first=27, last=42 55e6fd47 <= bdb_filter_candidates: id=3 first=27 last=42 55e6fd47 <= bdb_list_candidates: id=3 first=27 last=42 55e6fd47 <= bdb_filter_candidates: id=3 first=27 last=42 55e6fd47 <= bdb_list_candidates: id=3 first=27 last=42 55e6fd47 <= bdb_filter_candidates: id=3 first=27 last=42 55e6fd47 <= bdb_list_candidates: id=3 first=27 last=42 55e6fd47 <= bdb_filter_candidates: id=3 first=27 last=42 55e6fd47 bdb_search_candidates: id=3 first=27 last=42 55e6fd47 => test_filter 55e6fd47 AND 55e6fd47 => test_filter_and 55e6fd47 => test_filter 55e6fd47 EQUALITY 55e6fd47 => access_allowed: search access to "o=organisation1,dc=organizations,dc=vfk,dc=ldap,dc=com" "o" requested 55e6fd47 <= root access granted 55e6fd47 => access_allowed: search access granted by manage(=mwrscxd) 55e6fd47 <= test_filter 6 55e6fd47 => test_filter 55e6fd47 EQUALITY 55e6fd47 => access_allowed: search access to "o=organisation1,dc=organizations,dc=vfk,dc=ldap,dc=com" "objectClass" requested 55e6fd47 <= root access granted 55e6fd47 => access_allowed: search access granted by manage(=mwrscxd) 55e6fd47 <= test_filter 6 55e6fd47 <= test_filter_and 6 55e6fd47 <= test_filter 6 55e6fd47 => send_search_entry: conn 1000 dn="o=organisation1,dc=organizations,dc=vfk,dc=ldap,dc=com" 55e6fd47 => access_allowed: read access to "o=organisation1,dc=organizations,dc=vfk,dc=ldap,dc=com" "entry" requested 55e6fd47 <= root access granted 55e6fd47 => access_allowed: read access granted by manage(=mwrscxd) 55e6fd47 => access_allowed: result not in cache (objectClass) 55e6fd47 => access_allowed: read access to "o=organisation1,dc=organizations,dc=vfk,dc=ldap,dc=com" "objectClass" requested 55e6fd47 <= root access granted 55e6fd47 => access_allowed: read access granted by manage(=mwrscxd) 55e6fd47 => access_allowed: result was in cache (objectClass) 55e6fd47 conn=1000 op=12 ENTRY dn="o=organisation1,dc=organizations,dc=vfk,dc=ldap,dc=com" ber_flush2: 104 bytes to sd 16 0000: 30 66 02 01 0d 64 61 04 36 6f 3d 6f 72 67 61 6e 0f...da.6o=organ 0010: 69 73 61 74 69 6f 6e 31 2c 64 63 3d 6f 72 67 61 isation1,dc=orga 0020: 6e 69 7a 61 74 69 6f 6e 73 2c 64 63 3d 76 66 6b nizations,dc=vfk 0030: 2c 64 63 3d 6c 64 61 70 2c 64 63 3d 63 6f 6d 30 ,dc=ldap,dc=com0 0040: 27 30 25 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 '0%..objectClass 0050: 31 16 04 0f 76 66 6b 4f 72 67 61 6e 69 7a 61 74 1...vfkOrganizat 0060: 69 6f 6e 04 03 74 6f 70 ion..top ldap_write: want=104, written=104 0000: 30 66 02 01 0d 64 61 04 36 6f 3d 6f 72 67 61 6e 0f...da.6o=organ 0010: 69 73 61 74 69 6f 6e 31 2c 64 63 3d 6f 72 67 61 isation1,dc=orga 0020: 6e 69 7a 61 74 69 6f 6e 73 2c 64 63 3d 76 66 6b nizations,dc=vfk 0030: 2c 64 63 3d 6c 64 61 70 2c 64 63 3d 63 6f 6d 30 ,dc=ldap,dc=com0 0040: 27 30 25 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 '0%..objectClass 0050: 31 16 04 0f 76 66 6b 4f 72 67 61 6e 69 7a 61 74 1...vfkOrganizat 0060: 69 6f 6e 04 03 74 6f 70 ion..top 55e6fd47 <= send_search_entry: conn 1000 exit. 55e6fd47 entry_decode: "" 55e6fd47 <= entry_decode() 55e6fd47 => test_filter 55e6fd47 AND 55e6fd47 => test_filter_and 55e6fd47 => test_filter 55e6fd47 EQUALITY 55e6fd47 => access_allowed: search access to "o=organisation2,dc=organizations,dc=vfk,dc=ldap,dc=com" "o" requested 55e6fd47 <= root access granted 55e6fd47 => access_allowed: search access granted by manage(=mwrscxd) 55e6fd47 <= test_filter 5 55e6fd47 <= test_filter_and 5 55e6fd47 <= test_filter 5 55e6fd47 hdb_search: 28 does not match filter 55e6fd47 entry_decode: "" 55e6fd47 <= entry_decode() 55e6fd47 => test_filter 55e6fd47 AND 55e6fd47 => test_filter_and 55e6fd47 => test_filter 55e6fd47 EQUALITY 55e6fd47 => access_allowed: search access to "o=testorga,dc=organizations,dc=vfk,dc=ldap,dc=com" "o" requested 55e6fd47 <= root access granted 55e6fd47 => access_allowed: search access granted by manage(=mwrscxd) 55e6fd47 <= test_filter 5 55e6fd47 <= test_filter_and 5 55e6fd47 <= test_filter 5 55e6fd47 hdb_search: 42 does not match filter 55e6fd47 send_ldap_result: conn=1000 op=12 p=3 55e6fd47 send_ldap_result: err=0 matched="" text="" 55e6fd47 send_ldap_response: msgid=13 tag=101 err=0 ber_flush2: 14 bytes to sd 16 0000: 30 0c 02 01 0d 65 07 0a 01 00 04 00 04 00 0....e........ ldap_write: want=14, written=14 0000: 30 0c 02 01 0d 65 07 0a 01 00 04 00 04 00 0....e........ 55e6fd47 conn=1000 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text= ^C55e6fd64 daemon: shutdown requested and initiated. 55e6fd64 daemon: closing 7 55e6fd64 daemon: closing 8 55e6fd64 connection_closing: readying conn=1000 sd=16 for close 55e6fd64 connection_close: conn=1000 sd=16 55e6fd64 daemon: removing 16 55e6fd64 conn=1000 fd=16 closed (slapd shutdown) 55e6fd64 slapd shutdown: waiting for 0 operations/tasks to finish 55e6fd64 slapd shutdown: initiated 55e6fd64 ====> bdb_cache_release_all 55e6fd64 slapd destroy: freeing system resources. 55e6fd64 slapd stopped.------------------------------------------ -----Ursprüngliche Nachricht----- Am Tue, 1 Sep 2015 06:44:08 +0000 schrieb "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>: > Hi Dieter, > > I've tried it with a quite accurate filter request: > (& > (cn=aaa) > (objectClass=vfkUser) > ) > Scope: singleLevel > Sizelimit: 1 > Baseobject : cn=user, ... > > > The only result have been transferred from the server after 2ms, but
> the success packet still need 2-3s. > > Do I have to edit something on the server side? > > Greetings John > > PS. the cn's in the entry 'cn=user' are unique... This is rather strange, could you run slapd in debugging mode (-d-1) in order to watch the internal process? -Dieter > > > -----Ursprüngliche Nachricht----- > Von: openldap-technical > [mailto:openldap-technical-bounces@openldap.org] Im Auftrag von Dieter
> Klünter Gesendet: Freitag, 28. August 2015 09:46 An: > openldap-technical@openldap.org Betreff: Re: Send Success with first
> found entry > > Am Fri, 28 Aug 2015 05:42:37 +0000 > schrieb "Fischer, Johannes" > <johannes.fischer@ipa.fraunhofer.de>http://ldapcon.org/2015/: > > > Hi again, > > > > more and more I get a feeling how all this work together. But often
> > you don't know what you actually need to look up... > > > > I've looked on the LDAP server of the Institute to get a feeling how
> > the real IT-guys managed their server... (It was a disaster from a
> > data protection perspective...) Some things were quit nice, for
> > example that the server send a "success" with the first found entry
> > in a subtree. > > > > On my openLDAP instance I receive a entry of a subtree after 20-30ms
> > but the success packet need 200ms. For me this behavior is not clear
> > due to the fact, that the entries in the directory need to be
> > unique. > > > > The Example: > > I'm using the Spring security framework and trigger with
> > "ldapTemplate.lookup("cn=" + _name + ",dc=users");" a lookup. On
> > wireshark I see a search request with the scope "baseObject" and The
> > Filter "objectClass=*". After 33ms I receive a searchResEntry
> > packet, so the Server found something and could also stop. But I
> > think in the background all the other entries in the Subtree
> > "dc=users", are looked through also. After 230ms the success packet
> > arrive at my computer. (see also Attachment) > > > > My Question, is there a possibility to emit a success together with
> > the first found entry? > > In fact, this depends on your filter design. The rate of hits
> decreases with the degree of accuracy. > > -Dieter > > > > -- > Dieter Klünter | Systemberatung > GPG Key ID: E9ED159B > 53°37'09,95"N > 10°08'02,42"E > -- Dieter Klünter | Systemberatung GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E |