Red Hat Bugzilla – Bug 1052751
Page control does not work if effective rights control is specified
Last modified: 2015-03-05 04:33:24 EST
This bug is created as a clone of upstream ticket: https://fedorahosted.org/389/ticket/47664 Paging controls are ignored if the effective rights control is specified. This can be recreated with the command: ldapsearch -x -H ldap://My389Server.somedomain.net:389 -D "cn=Directory Manager" -w "MyPassword" -E "pr=5/prompt" -E "1.3.6.1.4.1.42.2.27.9.5.2=:dn:cn=Directory Manager" -b "dc=example,dc=com" "(Cn=*)"
[root@dhcp201-126 ~]# ldapsearch -x -H ldap://dhcp201-126.englab.pnq.redhat.com:389 -D "cn=Directory Manager" -w "Secret123" -E "pr=1/prompt" -E "1.3.6.1.4.1.42.2.27.9.5.2=:dn:cn=Directory Manager" -b "dc=example,dc=com" "(Cn=*)" # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: (Cn=*) # requesting: ALL # with pagedResults control: size=1 # # Directory Administrators, example.com dn: cn=Directory Administrators,dc=example,dc=com objectClass: top objectClass: groupofuniquenames cn: Directory Administrators uniqueMember: cn=Directory Manager entryLevelRights: vadnn attributeLevelRights: objectClass:rscwo, cn:rscwo, uniqueMember:rscwo # search result search: 2 result: 0 Success control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA= control: 1.2.840.113556.1.4.319 false MAYCAQUEATA= pagedresults: estimate=5 cookie=MA== Press [size] Enter for the next {1|size} entries. # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: (Cn=*) # requesting: ALL # with pagedResults control: size=1 # # Accounting Managers, Groups, example.com dn: cn=Accounting Managers,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: Accounting Managers ou: groups description: People who can manage accounting entries uniqueMember: cn=Directory Manager entryLevelRights: vadnn attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo , uniqueMember:rscwo # search result search: 3 result: 0 Success control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA= control: 1.2.840.113556.1.4.319 false MAYCAQQEATA= pagedresults: estimate=4 cookie=MA== Press [size] Enter for the next {1|size} entries. # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: (Cn=*) # requesting: ALL # with pagedResults control: size=1 # # HR Managers, Groups, example.com dn: cn=HR Managers,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: HR Managers ou: groups description: People who can manage HR entries uniqueMember: cn=Directory Manager entryLevelRights: vadnn attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo , uniqueMember:rscwo # search result search: 4 result: 0 Success control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA= control: 1.2.840.113556.1.4.319 false MAYCAQMEATA= pagedresults: estimate=3 cookie=MA== Press [size] Enter for the next {1|size} entries. # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: (Cn=*) # requesting: ALL # with pagedResults control: size=1 # # QA Managers, Groups, example.com dn: cn=QA Managers,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: QA Managers ou: groups description: People who can manage QA entries uniqueMember: cn=Directory Manager entryLevelRights: vadnn attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo , uniqueMember:rscwo # search result search: 5 result: 0 Success control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA= control: 1.2.840.113556.1.4.319 false MAYCAQIEATA= pagedresults: estimate=2 cookie=MA== Press [size] Enter for the next {1|size} entries. # extended LDIF # # LDAPv3 # base <dc=example,dc=com> with scope subtree # filter: (Cn=*) # requesting: ALL # with pagedResults control: size=1 # # PD Managers, Groups, example.com dn: cn=PD Managers,ou=Groups,dc=example,dc=com objectClass: top objectClass: groupOfUniqueNames cn: PD Managers ou: groups description: People who can manage engineer entries uniqueMember: cn=Directory Manager entryLevelRights: vadnn attributeLevelRights: objectClass:rscwo, cn:rscwo, ou:rscwo, description:rscwo , uniqueMember:rscwo # search result search: 6 result: 0 Success control: 1.3.6.1.4.1.42.2.27.9.5.2 false MAMKAQA= control: 1.2.840.113556.1.4.319 false MAUCAQAEAA== pagedresults: cookie= # numResponses: 10 # numEntries: 5 Hence VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0416.html