Strange search result in logs

Wed, 27 Mar 2024 02:28:47 -0700 

Hello,

I’m trying to analyse the requests done to my ldapserver from a  nas. While 
browsing the logs I found the following entries : 

Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 fd=38 ACCEPT from 
IP=10.220.18.3:47000 (IP=0.0.0.0:636)
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 fd=38 TLS established 
tls_ssf=256 ssf=256 tls_proto=TLSv1.2 tls_cipher=ECDHE-RSA-AES256-GCM-SHA384
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 op=0 BIND dn="" 
method=128
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 op=0 RESULT tag=97 err=0 
qtime=0.000014 etime=0.000110 text=
…..
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH 
base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(gidNumber=*))
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH 
attr=gidNumber 
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SEARCH RESULT 
tag=101 err=4 qtime=0.000007 etime=0.000224 nentries=1 text=    


But if I do the same seach :

Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 fd=31 ACCEPT from 
IP=127.0.0.1:56536 (IP=0.0.0.0:636)
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 fd=31 TLS established 
tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=0 BIND dn="" 
method=128
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=0 RESULT tag=97 err=0 
qtime=0.000008 etime=0.000040 text=
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH 
base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(gidNumber=*))"
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH attr=gidNumber
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SEARCH RESULT 
tag=101 err=0 qtime=0.000011 etime=0.054003 nentries=5206 text=


I have no specific ACL on the ip quering. 

What I see is that in the first case I have err=4, from what I have found it 
means size limit exceeded. 
Do you have an explanation of the first anwser ? Is there any param that can be 
in the request to cause the err=4  ? Maybe I should rise the logLevel to find 
the difference between the two requests ?

Thanks in advance for any hint...



— 
Frédéric Goudal
Ingénieur Système, DSI Bordeaux-INP
+33 556 84 23 11

Reply via email to