Description of problem:
We have set up /etc/nsswitch.conf and /etc/ldap.conf to get users from our LDAP server. Since we upgraded to nss_ldap-253-17.el5, 'getent passwd' is truncated to 1041 lines (41 local users + 1000 LDAP users).

Version-Release number of selected component (if applicable):
nss_ldap-253-17.el5

How reproducible:
Always

Steps to Reproduce:
1. getent passwd | wc -l
2. upgrade to nss_ldap-253-17.el5
3. getent passwd | wc -l

Actual results:
40447 lines before upgrading, and 1041 after upgrading.

Expected results:
40447 lines before and after upgrading.

Additional info:
Downgrading to nss_ldap-253-13.el5_2.1 again gives 40447 lines. Disabling --enable-paged-results on nss_ldap-253-17.el5 also makes 'getent passwd | wc -l' return the expected result.
Does setting 'nss_paged_results no' in /etc/ldap.conf restore the correct behavior?
Yes it does. What is the intended use of nss_paged_results?
It adds the paged results control to search requests. Against certain server implementations (AD in particular), this is the only way to get the complete set of matching entries for a search if the result set would exceed a server-enforced sizelimit. The server then returns groups of results of up to the size specified as the "pagesize" configuration setting. But it should never just stop retrieving results. a) I'm thinking we're going to want to change that default back, so that it would need to be explicitly enabled in the configuration. b) For reference, what type of server are you connecting to?
It's an OpenLDAP server running on a RHEL 4.7 server (openldap-servers-2.2.13-12.el4). And maybe this setting is related to this client/server behaviour:
# Maximum number of entries to return from a search operation
sizelimit 50000
Reverting use-paged-results-by-default behavior in 253-18.el5 and later.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1379.html
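The paged results exchange discussed in this thread, as an added simulation that is not nss_ldap code and not part of the original report: the server hands back one page plus an opaque cookie, and the client must repeat the search until the cookie comes back empty. The thread does not identify the defect in nss_ldap; the first-page-only client below is a constructed failure mode that happens to produce the reported count, and the page size of 1000 and all function and class names are assumptions.

```python
# Constructed simulation of an RFC 2696 style paged results exchange.
# No real LDAP server or nss_ldap code is involved; all names are hypothetical.

LOCAL_USERS = 41          # local entries, from the report
LDAP_USERS = 40447 - 41   # directory entries implied by the report's counts
PAGE_SIZE = 1000          # assumed "pagesize" value


class FakeServer:
    """Answers paged searches over a constructed list of uid strings."""

    def __init__(self, count):
        self.entries = [f"user{i}" for i in range(count)]

    def search(self, page_size, cookie=b""):
        # The cookie is opaque to the client; here it encodes the next offset.
        start = int(cookie) if cookie else 0
        end = min(start + page_size, len(self.entries))
        next_cookie = str(end).encode() if end < len(self.entries) else b""
        return self.entries[start:end], next_cookie


def enumerate_all(server, page_size):
    """Correct client: repeat the search until the server returns an empty cookie."""
    results, cookie = [], b""
    while True:
        page, cookie = server.search(page_size, cookie)
        results.extend(page)
        if not cookie:
            return results


def enumerate_first_page_only(server, page_size):
    """Faulty client: discards the cookie, so enumeration ends after one page."""
    page, _cookie = server.search(page_size)
    return page


def passwd_line_count(ldap_entries):
    """Line count 'getent passwd | wc -l' would show: local plus directory users."""
    return LOCAL_USERS + len(ldap_entries)


if __name__ == "__main__":
    server = FakeServer(LDAP_USERS)
    print("full paging loop:", passwd_line_count(enumerate_all(server, PAGE_SIZE)))
    print("first page only: ", passwd_line_count(enumerate_first_page_only(server, PAGE_SIZE)))
```

A silently shortened user list matters beyond cosmetics: any audit, account review or access check that enumerates users through NSS sees only the first page, so comparing the enumerated count against the directory's own entry count after a client upgrade is a cheap regression check.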