Package: slapd
Version: 2.2.23-8
We have an LDAP server with a little over 13,000 accounts. We use
libnss-ldap for servers to get passwd and shadow information from the
LDAP server. Not all servers should have access to the full account
database, so they are limited with a filter in /etc/libnss-ldap.conf:
nss_base_passwd ou=Account,dc=hampshire,dc=edu?one?host=nike
nss_base_shadow ou=Account,dc=hampshire,dc=edu?one?host=nike
If there are more than 1,000 accounts after the filter has been applied,
the LDAP server returns incorrect results. In one instance it should have
returned 2117 account but returned 4,208 instead. In another instance it
should have returned 10,396 accounts but returned 13,143. There doesn't
seem to be any rhyme or reason to the extra accounts it returns.
Switching to the ldbm backend causes the server to work correctly,
but then I start to experience data loss as described in bug #304735.
This only happens when using getent. Searches performed with ldapsearch
return the correct results.
Relevant settings from /etc/ldap/slapd.conf:
allow bind_v2
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd.args
loglevel 0
sizelimit 25000
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
checkpoint 512 30
database bdb
suffix "dc=hampshire,dc=edu"
directory "/var/lib/ldap"
index objectClass eq
index uid eq
index uidNumber eq
index host eq
lastmod on
The LDAP server is running kernel 2.4.31 and libc6 2.3.2.ds1-22.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
