--On Tuesday, August 02, 2011 02:16:27 PM -0700 Howard Chu <[email protected]> wrote:
> [email protected] wrote:
>> --On Tuesday, August 02, 2011 11:03:24 AM -0700 Quanah
>> Gibson-Mount<[email protected]> wrote:
>>
>>> --On Tuesday, August 02, 2011 5:54 PM +0000 [email protected] wrote:
>>>>>> Your log shows that the subsequent search request initiates a new
>>>>>> Bind to the remote server, which implies that it's not re-using the
>>>>>> same connection as the first request. Since a paged results cookie
>>>>>> is only valid within the context of a single connection, you get
>>>>>> this error result.
>>>>>
>>>>> Not sure which log you are looking at. When I look at the log:
>>>>>
>>>>> http://www.stanford.edu/~whm/files/ldap-debugging/slapd-trace-paged-results.log.gz
>>>>>
>>>>> The only connection I see in the log is conn=1000 and it ends with:
>>>>>
>>>>> conn=1000 op=5 SEARCH RESULT tag=101 err=2 nentries=0 text=paged results
>>>>> cookie is invalid ldap_read: want=8, got=7
>>>>> 0000: 30 05 02 01 07 42 00 0....B.
>>>>> ldap_read: want=8, got=0
>>>>>
>>>>> conn=1000 op=6 UNBIND
>>>>> conn=1000 fd=11 closed
>>>>>
>>>>> These tests were made with a single ldapsearch request. The ldapsearch
>>>>> tests fail when using the proxy and succeed when connecting directly to
>>>>> the LDAP server with the database on it.
>>>>>
>>>>> A side note: the test case I submitted used ldapsearch, but the
>>>>> problem was uncovered using a python application that is used for
>>>>> syncing Gmail account data.
>>>>>
>>>>> Bill
>>>>
>>>> I have copied the backend server configuration to
>>>> http://www.stanford.edu/~whm/files/ldap-debugging/. I dumped a
>>>> copy of cn=config and there is a file-based version in the ldap
>>>> subdirectory as well.
>>>
>>> Where's the configuration for the slapd-ldap server? That's of the
>>> most importance...
>>>
>>> --Quanah
>>
>> Of course, sorry about that. I have copied the files to the web site.
>
> Sounds like this may be related to ITS#6817. Please try adding a
> dummy binddn to your idassert-bind directive and re-test.

I modified the configuration to include:

idassert-bind bindmethod=SASL saslmech=GSSAPI mode=none binddn=cn=auth

I am still getting the invalid-cookie error.

% ldapsearch -E pr=1000/noprompt -x -b "cn=people,dc=stanford,dc=edu" -h localhost "(&(objectclass=suPerson)(suVisibIdentity=world))" ou telephonenumber title
...lots of entries...
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.319 false MA0CAQAECGIdAAAAAAAA
pagedresults: cookie=Yh0AAAAAAAA=

# extended LDIF
#
# LDAPv3
# base <cn=people,dc=stanford,dc=edu> with scope subtree
# filter: (&(objectclass=suPerson)(suVisibIdentity=world))
# requesting: ou telephonenumber title
# with pagedResults control: size=1000
#

# search result
search: 3
result: 2 Protocol error
text: paged results cookie is invalid

# numResponses: 1002
# numEntries: 1000

Bill

--
Bill MacAllister
Infrastructure Delivery Group, Stanford University
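
The pagedResults control value printed in the ldapsearch output above can be decoded to see exactly which cookie the server issued on the first page, and therefore which one the client sends back on the second. This is an added example, not part of the original message: a minimal BER reader for the RFC 2696 control value (OID 1.2.840.113556.1.4.319); the function names are hypothetical.

```python
import base64


def _read_tlv(buf, pos, expected_tag):
    """Read one BER tag-length-value at pos; return (value_bytes, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return buf[pos:pos + length], pos + length


def decode_paged_results(b64_value):
    """Decode the RFC 2696 value:
    realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }
    Returns (size, cookie_bytes). The cookie is opaque to the client.
    """
    raw = base64.b64decode(b64_value, validate=True)
    seq, end = _read_tlv(raw, 0, 0x30)          # SEQUENCE
    if end != len(raw):
        raise ValueError("trailing bytes after control value")
    size_bytes, pos = _read_tlv(seq, 0, 0x02)   # INTEGER size
    cookie, pos = _read_tlv(seq, pos, 0x04)     # OCTET STRING cookie
    if pos != len(seq):
        raise ValueError("trailing bytes inside SEQUENCE")
    return int.from_bytes(size_bytes, "big", signed=True), cookie


if __name__ == "__main__":
    # Control value copied from the "control:" line in the message above.
    size, cookie = decode_paged_results("MA0CAQAECGIdAAAAAAAA")
    # In a response, size is the server's result-set estimate (0 = unknown).
    print("size estimate:", size)
    print("cookie (hex): ", cookie.hex())
    print("cookie (b64): ", base64.b64encode(cookie).decode())
```

The decoded cookie re-encodes to the same base64 string that ldapsearch prints on its `pagedresults: cookie=` line, which confirms the client received a well-formed cookie on the first page.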
