No, it's a pcache bug. 10.10.55.128(remote active directory) works localhost(without pcache) works localhost(with pcache) breaks.
Paging of the results *does* work with AD. And works with back-ldap, pointed at AD. It's only when pcache is added that the paging options are ignored. On Wed, Sep 6, 2017 at 12:48 PM, Quanah Gibson-Mount <[email protected]> wrote: > --On Wednesday, September 06, 2017 6:15 PM +0000 [email protected] wrote: > >> Full_Name: Adam Heath >> Version: 2.4.44 >> OS: debian stretch >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (99.146.168.62) >> >> >> I have configured slapd to proxy to a remote server. >> >> Using ldapsearch, I can talk directly to that remote server, and using the >> pr=200/noprompt option, I get back 2900 results. >> >> Pointing ldapsearch at localhost, *without* pcache, I get the same set of >> results(pages, and the final count is correct). >> >> When I enabled slapo-pcache, with *no* attribute sets, then the paging >> options are removed, and I get only 2000 results(the max-size from the >> remote server). > > > Hi Adam, > > slapo-pcahce is acting in the correct fashion. It would appear that your > remote system is Active Directory, which in typical Microsoft fashion, > deliberately mis-implements paged results so that it incorrectly ignores the > maxsize setting when paged results are in use (contrary to specifications). > I would generally suggest talking to the AD administrator so that the bind > identity of the pcache database is not subject to the maxsize limitation. > > This ITS will be closed. > > Regards, > Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com> >
