Bug 513019 - nsslapd-lookthroughlimit is not respected when the filter test failed in search
Summary: nsslapd-lookthroughlimit is not respected when the filter test failed in search
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: 389
Classification: Retired
Component: Database - Indexes/Searches
Version: 1.2.0
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Noriko Hosoi
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 434914
TreeView+ depends on / blocked
 
Reported: 2009-07-21 16:54 UTC by Noriko Hosoi
Modified: 2015-01-04 23:39 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-23 23:45:24 UTC


Attachments (Terms of Use)
git patch file for ldbm_search.c (1.19 KB, patch)
2009-07-21 17:28 UTC, Noriko Hosoi
no flags Details | Diff

Description Noriko Hosoi 2009-07-21 16:54:30 UTC
Description of problem:

Bug report by Sankar Ramalingam:
Test Setup 1:
Simple paged with sorting with all default configuration values except nsslapd-lookthroughlimit is set to 100
Added 400 users to the suffix.
Simple paged search request with normal user.

perl ./data/ldap_usr_search.pl -x -pg 90 "cn=test*" -S "cn" "dn"

Problem sorting, LDAP_ADMIN_LIMIT_EXCEEDED
next page size (90):

Result; This returns 90 entries and the ADMIN_LIMIT_EXCEEDED error.

perl ./data/ldap_usr_search.pl -x -pg 91 "cn=test*" -S "cn" "dn"
search failed: LDAP_ADMIN_LIMIT_EXCEEDED

Result: Search fails. Though the limit is set to 100, it fails for 91st entry.

Comment 1 Noriko Hosoi 2009-07-21 17:28:58 UTC
Created attachment 354532 [details]
git patch file for ldbm_search.c

File: ldap/servers/slapd/back-ldbm/ldbm_search.c

Fix Description: When filter test is necessary against the search results 
and the test fails, lookthroughcount attached to the search result structure 
should have been decremented since the entry will not be sent to the client, 
but it was not.  This change fixes it.

Comment 2 Noriko Hosoi 2009-07-21 20:24:59 UTC
Reviewed by Rich (Thank you!)

Pushed to master.

$ git merge simple_results
Updating 77c8f3e..1e3138f
Fast forward
 ldap/servers/slapd/back-ldbm/ldbm_search.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
$ git push
Counting objects: 13, done.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 862 bytes, done.
Total 7 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   77c8f3e..1e3138f  master -> master

Comment 3 Noriko Hosoi 2009-07-23 23:07:48 UTC
Revert "513019 nsslapd-lookthroughlimit is not respected"

This reverts commit 1e3138f1d41562d6f42a8fdf0934af23219bb8e1.

Misunderstood nsslapd-lookthroughlimit.  Regardless of the filter test result,
once hit the lookthroughlimit, search should be aborted there.  That's what
the original code does and that is correct.

# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
# On branch paged
# Changes to be committed:
#   (use "git reset HEAD <file>..." to unstage)
#
#   modified:   ldap/servers/slapd/back-ldbm/ldbm_search.c

$ git merge paged
Updating c3f6ff6..85aefb4
Fast forward
 ldap/servers/slapd/back-ldbm/ldbm_search.c |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)
$ git push
Counting objects: 13, done.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 771 bytes, done.
Total 7 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   c3f6ff6..85aefb4  master -> master

Comment 4 Noriko Hosoi 2009-07-23 23:45:24 UTC
It turned out it was the test script's problem.

Assuming you are using something similar for your testing, my script was checking the search result code first and if an error was found (e.g., ADMINLIMIT_EXCEEDED, it quitted there.  If some entries were returned, they were discarded.  If the order is switched as follows, the script prints out the search results, then output the error and exit.
my @entries = $result->entries;
my $entr;
foreach $entr ( @entries ) {
    print "dn: ", $entr->dn, "\n";

    my $attr;
    foreach $attr ( sort $entr->attributes ) {
        # skip binary we can't handle
        next if ( $attr =~ /;binary$/ );
        print "  $attr : ", $entr->get_value ( $attr ) ,"\n";
    }
    print "\n";
}

if ($result->code) {
    print "search failed: ", ldap_error_name($result), ": ", ldap_error_text($result);
    print Net::LDAP::Message::server_error($result), "\n";
    exit 1;
}

I set 10 to lookthroughlimit.  1st page contains 7 entries, then 3 in the next + ADMINLIMIT_EXCEEDED error:
perl ldapsearch.pl -b "ou=Payroll,dc=example,dc=com" -pg 7 "(objectclass=*)" "dn"
dn: ou=Payroll, dc=example,dc=com

dn: uid=VLeBaron1, ou=Payroll, dc=example,dc=com

dn: uid=JOshinski2, ou=Payroll, dc=example,dc=com

dn: uid=LLe4, ou=Payroll, dc=example,dc=com

dn: uid=LFeddeman12, ou=Payroll, dc=example,dc=com

dn: uid=CTalis15, ou=Payroll, dc=example,dc=com

dn: uid=BHerbel22, ou=Payroll, dc=example,dc=com

next page size (7): 
dn: uid=PReist29, ou=Payroll, dc=example,dc=com

dn: uid=NPastorek33, ou=Payroll, dc=example,dc=com

dn: uid=BLawrence37, ou=Payroll, dc=example,dc=com

search failed: LDAP_ADMIN_LIMIT_EXCEEDED: The server has exceed the maximum number of entries to search while gathering a list of search result candidates

Sorry about the confusion.


Note You need to log in before you can comment on or make changes to this bug.