Hi all,
We encounter a problem using server-side sort and virtual list view controls in our search requests. After sending one search requests the slapd remains busy until it is restarted: Executing the command /home/openldap/openldap-2.4.21-install/bin/ldapsearch -h localhost -p 9389 -D cn=openldapadmin -w welcome -b o=CustomerCA,c=de -s children -E!sss=sncertnr -E!vlv="0/0/1/0" "objectclass=*" Generates the following output: # extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope children # filter: objectclass=* # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/0/1/0 # # R\C3\BCger OttoSER:9000, testsuite, CustomerCA, de dn:: Y249UsO8Z2VyIE90dG9TRVI6OTAwMCxvdT10ZXN0c3VpdGUsbz1DdXN0b21lckNBLGM9ZGU= SNcertNr: 9000 # search result search: 2 result: 0 Success control: 1.2.840.113556.1.4.474 false MAMKAQA= sortResult: (0) Success control: 2.16.840.1.113730.3.4.10 false MA8CAQECAQsCAQAEBJB4LAg= vlvResult: pos=1 count=11 context=kHgsCA== (0) Success # numResponses: 2 # numEntries: 1 Press [before/after(/offset/count|:value)] Enter for the next window. # extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope children # filter: objectclass=* # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/0/1/11 # # search result search: 3 result: 4 Size limit exceeded # numResponses: 1 Why is the size limit exceeded here? Executing the same command once more produces the following output: # extended LDIF # # LDAPv3 # base <o=CustomerCA,c=de> with scope children # filter: objectclass=* # requesting: sncertnr # with server side sorting critical control # with virtual list view critical control: 0/0/1/0 # # search result search: 2 result: 51 Server is busy text: Other sort requests already in progress # numResponses: 1 Now slapd doesn't accept sssvlv requests anymore, it has to be restarted. Here is the content of slapd.conf: # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /home/openldap/openldap-2.4.21-install/etc/openldap/schema/core.schema include /home/openldap/openldap-2.4.21-install/etc/openldap/schema/isis_mtt_exte nsions.schema include /home/openldap/openldap-2.4.21-install/etc/openldap/schema/secunet_isis_ mtt_extensions.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /home/openldap/openldap-2.4.21-install/var/run/slapd.pid argsfile /home/openldap/openldap-2.4.21-install/var/run/slapd.args # Load dynamic backend modules: modulepath /home/openldap/openldap-2.4.21-install/libexec/openldap # modulepath /usr/local/libexec/openldap moduleload back_bdb.la # moduleload back_hdb.la # moduleload back_ldap.la # moduleload /home/openldap/openldap-2.4.21-install/libexec/openldap/compmatch # moduleload /home/openldap/openldap-2.4.21-install/libexec/openldap/compmatch.la # moduleload compmatch.la # overlay server-side-sorting + virtual list view: overlay sssvlv # Sets the maximum number of concurrent sort requests allowed # across all connections; the default is one half of the number of # server threads: sssvlv-max 8 # Sets the maximum number of keys allowed in a sort request; the # default is 5: sssvlv-maxkeys 5 # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base="" by * read # access to dn.base="cn=Subschema" by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., "access to * by * read") # # rootdn can always read and write EVERYTHING! ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "" rootdn "cn=openldapadmin" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw welcome # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /home/openldap/openldap-2.4.21-install/var/openldap-data # Indices to maintain index objectClass eq index c eq index o eq index ou eq index sncertnr eq index sncerthash eq index snissuerkeyhash eq index snissuernamehash eq Does anybody have an idea? Executing this command against a Sun DS 6 server doesn't generate this problem. Regards, Hartmut
