Bug 486321 - nss_ldap compiled with --enable-paged-results breaks 'getent passwd'
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss_ldap
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: rc
Assigned To: Nalin Dahyabhai
Reported: 2009-02-19 06:31 EST by Juanjo Villaplana
Modified: 2009-09-02 07:49 EDT
Fixed In Version: 253-18.el5
Doc Type: Bug Fix
Last Closed: 2009-09-02 07:49:30 EDT

Description Juanjo Villaplana 2009-02-19 06:31:50 EST
Description of problem:

We have set up /etc/nsswitch.conf and /etc/ldap.conf to get users from our LDAP server. Since we upgraded to nss_ldap-253-17.el5, 'getent passwd' is truncated to 1041 lines (41 local users + 1000 LDAP users).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. getent passwd | wc -l
2. upgrade to nss_ldap-253-17.el5
3. getent passwd | wc -l

Actual results:

40447 lines before upgrading, and 1041 after upgrading.

Expected results:

40447 lines before and after upgrading.

Additional info:

Downgrading to nss_ldap-253-13.el5_2.1 again gives 40447 lines.

Disabling --enable-paged-results on nss_ldap-253-17.el5 also makes 'getent passwd | wc -l' return the expected result.
Comment 1 Nalin Dahyabhai 2009-02-19 17:52:32 EST
Does setting 'nss_paged_results no' in /etc/ldap.conf restore the correct behavior?
Comment 2 Juanjo Villaplana 2009-02-20 02:30:55 EST
Yes it does.

What is the intended use of nss_paged_results?
Comment 3 Nalin Dahyabhai 2009-02-20 11:44:23 EST
It adds the paged results control to search requests.  Against certain server implementations (AD in particular), this is the only way to get the complete set of matching entries for a search if the result set would exceed a server-enforced sizelimit.

The server then returns groups of results of up to the size specified as the "pagesize" configuration setting.  But it should never just stop retrieving results.

a) I'm thinking we're going to want to change that default back, so that it
   would need to be explicitly enabled in the configuration.

b) For reference, what type of server are you connecting to?
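
The paged results exchange described in comment 3, modelled in memory as an added example (not part of the original bug report and not nss_ldap code). The `PagedDirectory` class, the helper names, the 40406 constructed entries (40447 lines minus the 41 local users) and the page size of 1000 are assumptions for illustration; the first-page-only client is a hypothetical failure mode, not a diagnosis of this bug.

```python
# Added illustration: in-memory model of the LDAP paged results exchange.
# All entries are constructed; no real directory server or LDAP library is used.
from typing import List, Tuple


class PagedDirectory:
    """Toy server: returns up to `pagesize` entries plus an opaque cookie."""

    def __init__(self, entries: List[str]):
        self._entries = entries

    def search(self, pagesize: int, cookie: bytes = b"") -> Tuple[List[str], bytes]:
        start = int(cookie) if cookie else 0  # cookie encodes the resume offset
        page = self._entries[start:start + pagesize]
        nxt = start + len(page)
        # An empty cookie tells the client the result set is exhausted.
        return page, (str(nxt).encode() if nxt < len(self._entries) else b"")


def fetch_all(server: PagedDirectory, pagesize: int) -> Tuple[List[str], int]:
    """Correct client: keep requesting pages until the cookie comes back empty."""
    results, cookie, rounds = [], b"", 0
    while True:
        page, cookie = server.search(pagesize, cookie)
        results.extend(page)
        rounds += 1
        if not cookie:
            return results, rounds


def fetch_first_page_only(server: PagedDirectory, pagesize: int) -> Tuple[List[str], bool]:
    """Hypothetical faulty client: ignores the cookie and reports no error."""
    page, cookie = server.search(pagesize)
    return page, bool(cookie)  # True means entries were left on the server


def looks_truncated(count: int, pagesize: int) -> bool:
    """Heuristic: a count that is an exact non-zero multiple of the page size."""
    return count > 0 and count % pagesize == 0


if __name__ == "__main__":
    directory = PagedDirectory([f"user{i}" for i in range(40406)])  # constructed
    full, rounds = fetch_all(directory, 1000)
    short, more = fetch_first_page_only(directory, 1000)
    print(len(full), rounds, len(short), more, looks_truncated(len(short), 1000))
```

A count check of this kind only flags a suspicious result; confirming truncation still needs a baseline such as the `getent passwd | wc -l` figure taken before the upgrade.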
Comment 4 Juanjo Villaplana 2009-02-20 14:18:45 EST
It's an OpenLDAP server running on a RHEL 4.7 server (openldap-servers-2.2.13-12.el4).

And maybe this setting is related to this client/server behaviour:

    # Maximum number of entries to return from a search operation
    sizelimit 50000
Comment 6 Nalin Dahyabhai 2009-05-18 17:29:43 EDT
Reverting use-paged-results-by-default behavior in 253-18.el5 and later.
Comment 10 errata-xmlrpc 2009-09-02 07:49:30 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

