Bug 674662

Summary: Incorrect scope of nsslapd-sizelimit during Simple Paged Results
Product: [Retired] 389 Reporter: Zac <pie.fed>
Component: UnknownAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED NOTABUG QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 1.2.5CC: benl, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
URL: http://dunnry.com/blog/2006/03/17/PagingInSystemDirectoryServicesProtocols.aspx
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-02-08 18:13:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Zac 2011-02-02 20:34:27 UTC 
Description of problem:
Having attached the page result request control to my search request, I was surprised that, after several iterations of search and cookie updating, my request that would have brought my total returned entries to nsslapd-sizelimit resulted in error 4 (size limit).

Version-Release number of selected component (if applicable):
389-Directory/1.2.5 B2010.012.2034

How reproducible:
Configuration:
sslapd-sizelimit: 2000
nsslapd-lookthroughlimit: 5000
entries in ldap: 2500

Steps to Reproduce:
1. Create Search Request that would result in all entries coming back.
2. Attach the page request control, with a size of 500.
3. Search:
3.1: send search request.
3.2: copy search response entries to local data structure
3.3: update cookie in page request control with what was returned
3.4: if cookie isn't zero-length, repeat.
  
Actual results:
Even thought the request is for 500 entries, far less than sslapd-sizelimit, a size limit error comes back when I've paged to that limit. The page that would have returned items 1501-2000 is what fails.

Expected results:
That the paged request, which is still of size 500, keep returning the next 500 entries from the ID list, until the list is exhausted.

Additional info:

Logs:
[02/Feb/2011:12:22:47 -0800] conn=2265274 op=3 SRCH base="***valid base***" scope=2 filter="(objectClass=*)" attrs="***valid list of attributes***"
[02/Feb/2011:12:22:47 -0800] conn=2265274 op=3 RESULT err=0 tag=101 nentries=500 etime=0
[02/Feb/2011:12:22:48 -0800] conn=2265274 op=4 SRCH base="***valid base***" scope=2 filter="(objectClass=*)" attrs="***valid list of attributes***"
[02/Feb/2011:12:22:48 -0800] conn=2265274 op=4 RESULT err=4 tag=101 nentries=497 etime=0
[02/Feb/2011:12:22:48 -0800] conn=2265274 op=4 RESULT err=32 tag=101 nentries=0 etime=0
[02/Feb/2011:12:22:48 -0800] conn=2265274 op=5 UNBIND
[02/Feb/2011:12:22:48 -0800] conn=2265274 op=5 fd=68 closed - U1
Comment 1 Zac 2011-02-02 20:58:39 UTC 
URL showing the client code example I'm following:
http://dunnry.com/blog/2006/03/17/PagingInSystemDirectoryServicesProtocols.aspx
Comment 2 Noriko Hosoi 2011-02-08 18:13:31 UTC 
sizelimit is designed as you described.

If you run a command line with sizelimit == 30 (sizelimit > pagesize), the search ends at the 4-th page with return code 4 (LDAP_SIZELIMIT_EXCEEDED).
$ ldapsearch -x -h localhost -p 389 -E pr=10 -b "dc=test,dc=com" -z 30 "(cn=*)"

If sizelimit == 5 (sizelimit < pagesize), the server returns the sizelimit count of entries with return code 4.
$ ldapsearch -x -h localhost -p 389 -E pr=10 -b "dc=test,dc=com" -z 5 "(cn=*)"

The configuration parameter nsslapd-sizelimit works in the same way.  If you don't want to hit the sizelimit, we recommend to increase it to a number greater than your entry count.