Red Hat Bugzilla – Bug 486321
nss_ldap compiled with --enable-paged-results breaks 'getent passwd'
Last modified: 2009-09-02 07:49:30 EDT
Description of problem:
We have setup /etc/nsswitch.conf and /etc/ldap.conf to get users from our ldap server. Since we upgraded to nss_ldap-253-17.el5, 'getent passwd' is truncated to 1041 lines (41 local users + 1000 ldap users).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. getent passwd | wc -l
2. upgrade to nss_ldap-253-17.el5
3. getent passwd | wc -l
40447 lines before upgrading, and 1041 after upgrading.
40447 lines before and after upgrading.
Downgrading to nss_ldap-253-13.el5_2.1 gives again 40447 lines.
Disabling --enable-paged-results on nss_ldap-253-17.el5 also makes 'getent passwd | wc -l' return the expected result.
Does setting 'nss_paged_results no' in /etc/ldap.conf restore the correct behavior?
Yes it does.
What is the intended use of nss_paged_results?
It adds the paged results control to search requests. Against certain server implementations (AD in particular), this is the only way to get the complete set of matching entries for a search if the result set would exceed a server-enforced sizelimit.
The server then returns groups of results of up to the size specified as the "pagesize" configuration setting. But it should never just stop retrieving results.
a) I'm thinking we're going to want to change that default back, so that it
would need to be explicitly enabled in the configuration.
b) For reference, what type of server are you connecting to?
Its an OpenLDAP server running on a RHEL 4.7 server (openldap-servers-2.2.13-12.el4).
And may be this setting is related to this client/server behaviour:
# Maximum number of entries to return from a search operation
Reverting use-paged-results-by-default behavior in 253-18.el5 and later.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.