806765 – SSSD: Intermittent LDAP paging errors

Bug 806765 - SSSD: Intermittent LDAP paging errors

Summary: SSSD: Intermittent LDAP paging errors

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	5.7
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Stephen Gallagher
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:	782221
Blocks:
TreeView+	depends on / blocked

Reported:	2012-03-26 08:01 UTC by RHEL Program Management
Modified:	2020-05-04 10:31 UTC (History)
CC List:	14 users (show)
Fixed In Version:	sssd-1.5.1-49.el5_8.1
Doc Type:	Bug Fix
Doc Text:	If an LDAP server had the paging control module installed but not enabled or if a highly loaded LDAP server was restricted to a single page search operation at the time, SSSD could unexpectedly deny simple paged search requests with the following error message: Unexpected result from ldap: Server is unwilling to perform(53), Simple Paged Results Search already in progress on this connection. This update implements the "ldap_disable_paging" option, which allows SSSD to disable the LDAP paging control. With this option set, the number of SSSD lookups is limited to the maximum defined by the LDAP server and SSSD no longer fails with the aforementioned error in this scenario.
Clone Of:
Environment:
Last Closed:	2012-04-02 17:59:21 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 2009	None	closed	sssd does not handle when paging control disabled for openldap	2020-07-23 03:19:07 UTC
Github	SSSD sssd issues 2244	None	closed	Simple Paged Search control needs to be used more sparingly	2020-07-23 03:19:07 UTC
Github	SSSD sssd issues 2249	None	closed	Improve behavior of LDAP paging control with servers with paging limits	2020-07-23 03:19:07 UTC
Red Hat Product Errata	RHBA-2012:0440	normal	SHIPPED_LIVE	sssd bug fix update	2012-04-02 21:58:04 UTC

Description RHEL Program Management 2012-03-26 08:01:46 UTC

This bug has been copied from bug #782221 and has been proposed
to be backported to 5.8 z-stream (EUS).

Comment 5 Kaushik Banerjee 2012-03-27 16:21:18 UTC

Verified in version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 49.el5_8.1                    Build Date: Mon 26 Mar 2012 12:01:47 PM EDT
Install Date: Tue 27 Mar 2012 10:43:27 AM EDT      Build Host: x86-004.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-49.el5_8.1.src.rpm
Size        : 3652059                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon



Verified with the following test scenarios:

1. Disable paging on openldap server. Set "ldap_disable_paging = true" in sssd.
Result: All objects are returned on lookup.

2. Disable paging on openldap server. Set "ldap_disable_paging = false" in sssd.
Result: Lookup fails with error in log "[sdap_get_generic_done] (2): Unexpected result from ldap: Administrative limit exceeded(11), pagedResults control not allowed".

3. Enable paging on openldap server with pagesize=10. Set "ldap_disable_paging = false" and "ldap_page_size = 10" in sssd.
Result: sssd fetches all objects with pagesize of 10.

Comment 6 errata-xmlrpc 2012-04-02 17:59:21 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0440.html

Comment 7 Miroslav Svoboda 2012-04-03 03:57:19 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
If an LDAP server had the paging control module installed but not enabled or if a highly loaded LDAP server was restricted to a single page search operation at the time, SSSD could unexpectedly deny simple paged search requests with the following error message:

    Unexpected result from ldap: Server is unwilling to perform(53), Simple Paged Results Search already in progress on this connection.

This update implements the "ldap_disable_paging" option, which allows SSSD to disable the LDAP paging control. With this option set, the number of SSSD lookups is limited to the maximum defined by the LDAP server and SSSD no longer fails with the aforementioned error in this scenario.

Note You need to log in before you can comment on or make changes to this bug.