Bug 1052751 - Page control does not work if effective rights control is specified
Summary: Page control does not work if effective rights control is specified
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.0
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: 7.1
Assignee: Noriko Hosoi
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-01-14 01:11 UTC by Noriko Hosoi
Modified: 2015-03-05 09:33 UTC (History)
1 user (show)

Fixed In Version: 389-ds-base-1.3.3.1-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:33:24 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0416 normal SHIPPED_LIVE Important: 389-ds-base security, bug fix, and enhancement update 2015-03-05 14:26:33 UTC

Description Noriko Hosoi 2014-01-14 01:11:09 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/47664

Paging controls are ignored if the effective rights control is specified.  This can be recreated with the command: ldapsearch -x  -H ldap://My389Server.somedomain.net:389    -D "cn=Directory Manager" -w "MyPassword"  -E "pr=5/prompt" -E "1.3.6.1.4.1.42.2.27.9.5.2=:dn:cn=Directory Manager"  -b "dc=example,dc=com"   "(Cn=*)"

Comment 2 Amita Sharma 2015-01-09 07:11:59 UTC
[root@dhcp201-126 ~]# ldapsearch -x  -H ldap://dhcp201-126.englab.pnq.redhat.com:389    -D "cn=Directory Manager" -w "Secret123"  -E "pr=1/prompt" -E "1.3.6.1.4.1.42.2.27.9.5.2=:dn:cn=Directory Manager"  -b "dc=example,dc=com"   "(Cn=*)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (Cn=*)
# requesting: ALL
# with pagedResults control: size=1
#

# Directory Administrators, example.com
dn: cn=Directory Administrators,dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager
entryLevelRights: vadnn
attributeLevelRights: objectClass:rscwo, cn:rscwo, uniqueMember:rscwo

# search result
search: 2
result: 0 Success
control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA=
control: 1.2.840.113556.1.4.319 false MAYCAQUEATA=
pagedresults: estimate=5 cookie=MA==
Press [size] Enter for the next {1|size} entries.

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (Cn=*)
# requesting: ALL
# with pagedResults control: size=1
#

# Accounting Managers, Groups, example.com
dn: cn=Accounting Managers,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager
entryLevelRights: vadnn
attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo
 , uniqueMember:rscwo

# search result
search: 3
result: 0 Success
control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA=
control: 1.2.840.113556.1.4.319 false MAYCAQQEATA=
pagedresults: estimate=4 cookie=MA==
Press [size] Enter for the next {1|size} entries.

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (Cn=*)
# requesting: ALL
# with pagedResults control: size=1
#

# HR Managers, Groups, example.com
dn: cn=HR Managers,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager
entryLevelRights: vadnn
attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo
 , uniqueMember:rscwo

# search result
search: 4
result: 0 Success
control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA=
control: 1.2.840.113556.1.4.319 false MAYCAQMEATA=
pagedresults: estimate=3 cookie=MA==
Press [size] Enter for the next {1|size} entries.

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (Cn=*)
# requesting: ALL
# with pagedResults control: size=1
#

# QA Managers, Groups, example.com
dn: cn=QA Managers,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager
entryLevelRights: vadnn
attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo
 , uniqueMember:rscwo

# search result
search: 5
result: 0 Success
control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA=
control: 1.2.840.113556.1.4.319 false MAYCAQIEATA=
pagedresults: estimate=2 cookie=MA==
Press [size] Enter for the next {1|size} entries.

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (Cn=*)
# requesting: ALL
# with pagedResults control: size=1
#

# PD Managers, Groups, example.com
dn: cn=PD Managers,ou=Groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager
entryLevelRights: vadnn
attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo
 , uniqueMember:rscwo

# search result
search: 6
result: 0 Success
control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA=
control: 1.2.840.113556.1.4.319 false MAUCAQAEAA==
pagedresults: cookie=

# numResponses: 10
# numEntries: 5

Hence VERIFIED.

Comment 4 errata-xmlrpc 2015-03-05 09:33:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0416.html


Note You need to log in before you can comment on or make changes to this bug.