I'll say it another way. ldapsearch is asking for 200 items at a time. But it gets 2000 from the local slapd, when pcache is enabled. What the local client is asking of slapd should be separate from how it talks to the back-ldap. If the back-ldap returns more results then the requested page size, then slapd should handle that.
On Wed, Sep 6, 2017 at 12:59 PM, Adam Heath <[email protected]> wrote: > No, it's a pcache bug. > > 10.10.55.128(remote active directory) works > localhost(without pcache) works > localhost(with pcache) breaks. > > Paging of the results *does* work with AD. And works with back-ldap, > pointed at AD. It's only when pcache is added that the paging options > are ignored. > > On Wed, Sep 6, 2017 at 12:48 PM, Quanah Gibson-Mount <[email protected]> wrote: >> --On Wednesday, September 06, 2017 6:15 PM +0000 [email protected] wrote: >> >>> Full_Name: Adam Heath >>> Version: 2.4.44 >>> OS: debian stretch >>> URL: ftp://ftp.openldap.org/incoming/ >>> Submission from: (NULL) (99.146.168.62) >>> >>> >>> I have configured slapd to proxy to a remote server. >>> >>> Using ldapsearch, I can talk directly to that remote server, and using the >>> pr=200/noprompt option, I get back 2900 results. >>> >>> Pointing ldapsearch at localhost, *without* pcache, I get the same set of >>> results(pages, and the final count is correct). >>> >>> When I enabled slapo-pcache, with *no* attribute sets, then the paging >>> options are removed, and I get only 2000 results(the max-size from the >>> remote server). >> >> >> Hi Adam, >> >> slapo-pcahce is acting in the correct fashion. It would appear that your >> remote system is Active Directory, which in typical Microsoft fashion, >> deliberately mis-implements paged results so that it incorrectly ignores the >> maxsize setting when paged results are in use (contrary to specifications). >> I would generally suggest talking to the AD administrator so that the bind >> identity of the pcache database is not subject to the maxsize limitation. >> >> This ITS will be closed. >> >> Regards, >> Quanah >> >> >> -- >> >> Quanah Gibson-Mount >> Product Architect >> Symas Corporation >> Packaged, certified, and supported LDAP solutions powered by OpenLDAP: >> <http://www.symas.com> >>
