Bug 806765 - SSSD: Intermittent LDAP paging errors
SSSD: Intermittent LDAP paging errors
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sssd (Show other bugs)
5.7
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Stephen Gallagher
IDM QE LIST
: ZStream
Depends On: 782221
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-26 04:01 EDT by RHEL Product and Program Management
Modified: 2012-08-22 09:57 EDT (History)
14 users (show)

See Also:
Fixed In Version: sssd-1.5.1-49.el5_8.1
Doc Type: Bug Fix
Doc Text:
If an LDAP server had the paging control module installed but not enabled or if a highly loaded LDAP server was restricted to a single page search operation at the time, SSSD could unexpectedly deny simple paged search requests with the following error message: Unexpected result from ldap: Server is unwilling to perform(53), Simple Paged Results Search already in progress on this connection. This update implements the "ldap_disable_paging" option, which allows SSSD to disable the LDAP paging control. With this option set, the number of SSSD lookups is limited to the maximum defined by the LDAP server and SSSD no longer fails with the aforementioned error in this scenario.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-04-02 13:59:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description RHEL Product and Program Management 2012-03-26 04:01:46 EDT
This bug has been copied from bug #782221 and has been proposed
to be backported to 5.8 z-stream (EUS).
Comment 5 Kaushik Banerjee 2012-03-27 12:21:18 EDT
Verified in version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 49.el5_8.1                    Build Date: Mon 26 Mar 2012 12:01:47 PM EDT
Install Date: Tue 27 Mar 2012 10:43:27 AM EDT      Build Host: x86-004.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-49.el5_8.1.src.rpm
Size        : 3652059                          License: GPLv3+
Signature   : (none)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon



Verified with the following test scenarios:

1. Disable paging on openldap server. Set "ldap_disable_paging = true" in sssd.
Result: All objects are returned on lookup.

2. Disable paging on openldap server. Set "ldap_disable_paging = false" in sssd.
Result: Lookup fails with error in log "[sdap_get_generic_done] (2): Unexpected result from ldap: Administrative limit exceeded(11), pagedResults control not allowed".

3. Enable paging on openldap server with pagesize=10. Set "ldap_disable_paging = false" and "ldap_page_size = 10" in sssd.
Result: sssd fetches all objects with pagesize of 10.
Comment 6 errata-xmlrpc 2012-04-02 13:59:21 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0440.html
Comment 7 Miroslav Svoboda 2012-04-02 23:57:19 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
If an LDAP server had the paging control module installed but not enabled or if a highly loaded LDAP server was restricted to a single page search operation at the time, SSSD could unexpectedly deny simple paged search requests with the following error message:

    Unexpected result from ldap: Server is unwilling to perform(53), Simple Paged Results Search already in progress on this connection.

This update implements the "ldap_disable_paging" option, which allows SSSD to disable the LDAP paging control. With this option set, the number of SSSD lookups is limited to the maximum defined by the LDAP server and SSSD no longer fails with the aforementioned error in this scenario.

Note You need to log in before you can comment on or make changes to this bug.