Bug 513019

Summary: nsslapd-lookthroughlimit is not respected when the filter test failed in search
Product: [Retired] 389 Reporter: Noriko Hosoi <nhosoi>
Component: Database - Indexes/SearchesAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED NOTABUG QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: 1.2.0CC: benl, jgalipea, nkinder, rmeggins, sramling
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-23 23:45:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 434914    
Attachments:
Description Flags
git patch file for ldbm_search.c none

Description Noriko Hosoi 2009-07-21 16:54:30 UTC 
Description of problem:

Bug report by Sankar Ramalingam:
Test Setup 1:
Simple paged with sorting with all default configuration values except nsslapd-lookthroughlimit is set to 100
Added 400 users to the suffix.
Simple paged search request with normal user.

perl ./data/ldap_usr_search.pl -x -pg 90 "cn=test*" -S "cn" "dn"

Problem sorting, LDAP_ADMIN_LIMIT_EXCEEDED
next page size (90):

Result; This returns 90 entries and the ADMIN_LIMIT_EXCEEDED error.

perl ./data/ldap_usr_search.pl -x -pg 91 "cn=test*" -S "cn" "dn"
search failed: LDAP_ADMIN_LIMIT_EXCEEDED

Result: Search fails. Though the limit is set to 100, it fails for 91st entry.
Comment 1 Noriko Hosoi 2009-07-21 17:28:58 UTC 
Created attachment 354532 [details]
git patch file for ldbm_search.c

File: ldap/servers/slapd/back-ldbm/ldbm_search.c

Fix Description: When filter test is necessary against the search results 
and the test fails, lookthroughcount attached to the search result structure 
should have been decremented since the entry will not be sent to the client, 
but it was not.  This change fixes it.
Comment 2 Noriko Hosoi 2009-07-21 20:24:59 UTC 
Reviewed by Rich (Thank you!)

Pushed to master.

$ git merge simple_results
Updating 77c8f3e..1e3138f
Fast forward
 ldap/servers/slapd/back-ldbm/ldbm_search.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
$ git push
Counting objects: 13, done.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 862 bytes, done.
Total 7 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   77c8f3e..1e3138f  master -> master
Comment 3 Noriko Hosoi 2009-07-23 23:07:48 UTC 
Revert "513019 nsslapd-lookthroughlimit is not respected"

This reverts commit 1e3138f1d41562d6f42a8fdf0934af23219bb8e1.

Misunderstood nsslapd-lookthroughlimit.  Regardless of the filter test result,
once hit the lookthroughlimit, search should be aborted there.  That's what
the original code does and that is correct.

# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
# On branch paged
# Changes to be committed:
#   (use "git reset HEAD <file>..." to unstage)
#
#   modified:   ldap/servers/slapd/back-ldbm/ldbm_search.c

$ git merge paged
Updating c3f6ff6..85aefb4
Fast forward
 ldap/servers/slapd/back-ldbm/ldbm_search.c |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)
$ git push
Counting objects: 13, done.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 771 bytes, done.
Total 7 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   c3f6ff6..85aefb4  master -> master
Comment 4 Noriko Hosoi 2009-07-23 23:45:24 UTC 
It turned out it was the test script's problem.

Assuming you are using something similar for your testing, my script was checking the search result code first and if an error was found (e.g., ADMINLIMIT_EXCEEDED, it quitted there.  If some entries were returned, they were discarded.  If the order is switched as follows, the script prints out the search results, then output the error and exit.
my @entries = $result->entries;
my $entr;
foreach $entr ( @entries ) {
    print "dn: ", $entr->dn, "\n";

    my $attr;
    foreach $attr ( sort $entr->attributes ) {
        # skip binary we can't handle
        next if ( $attr =~ /;binary$/ );
        print "  $attr : ", $entr->get_value ( $attr ) ,"\n";
    }
    print "\n";
}

if ($result->code) {
    print "search failed: ", ldap_error_name($result), ": ", ldap_error_text($result);
    print Net::LDAP::Message::server_error($result), "\n";
    exit 1;
}

I set 10 to lookthroughlimit.  1st page contains 7 entries, then 3 in the next + ADMINLIMIT_EXCEEDED error:
perl ldapsearch.pl -b "ou=Payroll,dc=example,dc=com" -pg 7 "(objectclass=*)" "dn"
dn: ou=Payroll, dc=example,dc=com

dn: uid=VLeBaron1, ou=Payroll, dc=example,dc=com

dn: uid=JOshinski2, ou=Payroll, dc=example,dc=com

dn: uid=LLe4, ou=Payroll, dc=example,dc=com

dn: uid=LFeddeman12, ou=Payroll, dc=example,dc=com

dn: uid=CTalis15, ou=Payroll, dc=example,dc=com

dn: uid=BHerbel22, ou=Payroll, dc=example,dc=com

next page size (7): 
dn: uid=PReist29, ou=Payroll, dc=example,dc=com

dn: uid=NPastorek33, ou=Payroll, dc=example,dc=com

dn: uid=BLawrence37, ou=Payroll, dc=example,dc=com

search failed: LDAP_ADMIN_LIMIT_EXCEEDED: The server has exceed the maximum number of entries to search while gathering a list of search result candidates

Sorry about the confusion.