Re: Strange search result in logs

2024-03-27 Thread Howard Chu
Quanah Gibson-Mount wrote:
> --On Wednesday, March 27, 2024 11:28 AM +0100 Frédéric Goudal wrote:
> 
>> Hello,
>>
>> I'm trying to analyse the requests done to my ldapserver from a NAS.
>> While browsing the logs I found the following entries:
>>
>> I have no specific ACL on the IP querying.
> 
> 
> Do you have any "limits" directives in your configuration?

He should instead check for a sizelimit being set by the client.

-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/


Re: Strange search result in logs

2024-03-27 Thread Frédéric Goudal



> On 27 March 2024 at 15:35, Quanah Gibson-Mount wrote:
> 
> --On Wednesday, March 27, 2024 11:28 AM +0100 Frédéric Goudal wrote:
> 
>> Hello,
>> 
>> I'm trying to analyse the requests done to my ldapserver from a NAS.
>> While browsing the logs I found the following entries:
>> 
>> I have no specific ACL on the IP querying.
> 
> 
> Do you have any "limits" directives in your configuration?

No.

But I think I have found the solution (as always after asking on the list): if 
I add a size limit in the query (ldapsearch -z 1) I get exactly the same log 
lines when querying manually as with the NAS.
So I guess that the NAS is trying to find out if there is any gidNumber data in the 
ou branch; if it gets one entry and err=4, that means there is data.

Sorry for the too quick question.

f.g




> --Quanah

— 
Frédéric Goudal
Systems Engineer, DSI Bordeaux-INP
+33 556 84 23 11
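
A log check along the lines of what this reply concludes, as an added example that is not from any of the posters or from OpenLDAP: it pairs slapd SRCH and SEARCH RESULT lines by conn/op and reports searches that ended with err=4 although the identical base/scope/filter completed with err=0 and more entries elsewhere in the log, which points to a limit that applied to that one request (such as a client-supplied size limit). The function names and the sample lines (modeled on the excerpts in this thread, with the mail line-wrapping undone) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modeled on this thread's log excerpts (one event per line).
SAMPLE_LOG = """\
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 filter="(&(objectClass=posixAccount)(gidNumber=*))"
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH attr=gidNumber
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SEARCH RESULT tag=101 err=4 qtime=0.07 etime=0.000224 nentries=1 text=
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 filter="(&(objectClass=posixAccount)(gidNumber=*))"
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH attr=gidNumber
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SEARCH RESULT tag=101 err=0 qtime=0.11 etime=0.054003 nentries=5206 text=
"""

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (SRCH|SEARCH RESULT) (.*)$')
SRCH_RE = re.compile(r'base="([^"]*)" scope=(\d+) deref=\d+ filter="(.*)"$')
RESULT_RE = re.compile(r'err=(\d+) .*?nentries=(\d+)')

def parse_searches(log_text):
    """Pair each SRCH line with its SEARCH RESULT line by (conn, op)."""
    ops = defaultdict(dict)
    for line in log_text.splitlines():
        m = OP_RE.search(line.rstrip())
        if not m:
            continue  # ACCEPT, TLS, BIND and bind RESULT lines are ignored
        conn, op, kind, rest = m.groups()
        rec = ops[(int(conn), int(op))]
        if kind == "SRCH":
            s = SRCH_RE.search(rest)
            if s:  # the "SRCH attr=..." line carries no base/filter
                rec["query"] = s.groups()
        else:
            r = RESULT_RE.search(rest)
            if r:
                rec["err"], rec["nentries"] = map(int, r.groups())
    return {k: v for k, v in ops.items() if "query" in v and "err" in v}

def truncated_searches(searches):
    """(conn, op, nentries, full_count) for err=4 searches whose query also ran to err=0."""
    full = {}
    for rec in searches.values():
        if rec["err"] == 0:
            full[rec["query"]] = max(full.get(rec["query"], 0), rec["nentries"])
    return sorted((c, o, r["nentries"], full[r["query"]])
                  for (c, o), r in searches.items()
                  if r["err"] == 4 and full.get(r["query"], 0) > r["nentries"])

if __name__ == "__main__":
    for hit in truncated_searches(parse_searches(SAMPLE_LOG)):
        print("conn=%d op=%d stopped at %d of %d entries" % hit)
```
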






Re: Strange search result in logs

2024-03-27 Thread Quanah Gibson-Mount




--On Wednesday, March 27, 2024 11:28 AM +0100 Frédéric Goudal wrote:

> Hello,
>
> I'm trying to analyse the requests done to my ldapserver from a NAS.
> While browsing the logs I found the following entries:
>
> I have no specific ACL on the IP querying.

Do you have any "limits" directives in your configuration?

--Quanah


Strange search result in logs

2024-03-27 Thread Frédéric Goudal
Hello,

I’m trying to analyse the requests done to my ldapserver from a NAS. While 
browsing the logs I found the following entries:

Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 fd=38 ACCEPT from 
IP=10.220.18.3:47000 (IP=0.0.0.0:636)
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 fd=38 TLS established 
tls_ssf=256 ssf=256 tls_proto=TLSv1.2 tls_cipher=ECDHE-RSA-AES256-GCM-SHA384
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 op=0 BIND dn="" 
method=128
Mar 27 09:35:45 ldapd2021 slapd[3670819]: conn=2910400 op=0 RESULT tag=97 err=0 
qtime=0.14 etime=0.000110 text=
…..
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH 
base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(gidNumber=*))
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SRCH 
attr=gidNumber 
Mar 27 09:37:43 ldapd2021 slapd[3670819]: conn=2910400 op=720 SEARCH RESULT 
tag=101 err=4 qtime=0.07 etime=0.000224 nentries=1 text=


But if I do the same search:

Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 fd=31 ACCEPT from 
IP=127.0.0.1:56536 (IP=0.0.0.0:636)
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 fd=31 TLS established 
tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=0 BIND dn="" 
method=128
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=0 RESULT tag=97 err=0 
qtime=0.08 etime=0.40 text=
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH 
base="ou=people,dc=ipb,dc=fr" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(gidNumber=*))"
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SRCH attr=gidNumber
Mar 27 09:58:34 ldapd2021 slapd[3670819]: conn=2911004 op=1 SEARCH RESULT 
tag=101 err=0 qtime=0.11 etime=0.054003 nentries=5206 text=


I have no specific ACL on the IP querying.

What I see is that in the first case I have err=4; from what I have found, it 
means size limit exceeded.
Do you have an explanation for the first answer? Is there any param that can be 
in the request to cause the err=4? Maybe I should raise the logLevel to find 
the difference between the two requests?

Thanks in advance for any hint...



— 
Frédéric Goudal
Systems Engineer, DSI Bordeaux-INP
+33 556 84 23 11