Bug 486321 – nss_ldap compiled with --enable-paged-results breaks 'getent passwd'

Bug 486321 - nss_ldap compiled with --enable-paged-results breaks 'getent passwd'

Summary:	nss_ldap compiled with --enable-paged-results breaks 'getent passwd'

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	nss_ldap (Show other bugs)
Sub Component:
Version:	5.3
Hardware:	All Linux

Priority	low Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	Nalin Dahyabhai
QA Contact:	BaseOS QE
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2009-02-19 06:31 EST by Juanjo Villaplana
Modified:	2009-09-02 07:49 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	253-18.el5
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2009-09-02 07:49:30 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Juanjo Villaplana 2009-02-19 06:31:50 EST

Description of problem:

We have setup /etc/nsswitch.conf and /etc/ldap.conf to get users from our ldap server. Since we upgraded to nss_ldap-253-17.el5, 'getent passwd' is truncated to 1041 lines (41 local users + 1000 ldap users).


Version-Release number of selected component (if applicable):

nss_ldap-253-17.el5


How reproducible:

Always

Steps to Reproduce:
1. getent passwd | wc -l
2. upgrade to nss_ldap-253-17.el5
3. getent passwd | wc -l

  
Actual results:

40447 lines before upgrading, and 1041 after upgrading.


Expected results:

40447 lines before and after upgrading.


Additional info:

Downgrading to nss_ldap-253-13.el5_2.1 gives again 40447 lines.

Disabling --enable-paged-results on nss_ldap-253-17.el5 also makes 'getent passwd | wc -l' return the expected result.

Comment 1 Nalin Dahyabhai 2009-02-19 17:52:32 EST

Does setting 'nss_paged_results no' in /etc/ldap.conf restore the correct behavior?

Comment 2 Juanjo Villaplana 2009-02-20 02:30:55 EST

Yes it does.

What is the intended use of nss_paged_results?

Comment 3 Nalin Dahyabhai 2009-02-20 11:44:23 EST

It adds the paged results control to search requests.  Against certain server implementations (AD in particular), this is the only way to get the complete set of matching entries for a search if the result set would exceed a server-enforced sizelimit.

The server then returns groups of results of up to the size specified as the "pagesize" configuration setting.  But it should never just stop retrieving results.

a) I'm thinking we're going to want to change that default back, so that it
   would need to be explicitly enabled in the configuration.

b) For reference, what type of server are you connecting to?

Comment 4 Juanjo Villaplana 2009-02-20 14:18:45 EST

Its an OpenLDAP server running on a RHEL 4.7 server (openldap-servers-2.2.13-12.el4).

And may be this setting is related to this client/server behaviour:

    # Maximum number of entries to return from a search operation
    sizelimit 50000

Comment 6 Nalin Dahyabhai 2009-05-18 17:29:43 EDT

Reverting use-paged-results-by-default behavior in 253-18.el5 and later.

Comment 10 errata-xmlrpc 2009-09-02 07:49:30 EDT

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1379.html

Note You need to log in before you can comment on or make changes to this bug.