I think one of my LDAP clients is hitting a pagination limit in OpenLDAP. The specific error the client sees is the following Java thing:
REASON: Caught exception running LDAP sync.
[LDAP: error code 2 - paged results cookie is invalid];
nested exception is javax.naming.CommunicationException:
[LDAP: error code 2 - paged results cookie is invalid];
remaining name 'dc=example,dc=com'
Googling for that error brought up a discussion of LDAP pagination and relevant limits. This document on OpenLDAP limits mentions olcSizeLimit and size.pr.
I was able to change my olcSizeLimit from 500 to -1 using this ldif:
dn: cn=config
changetype: modify
replace: olcSizeLimit
olcSizeLimit: -1
Unfortunately my client is still seeing its pagination issue.
size.pr is a slapd.conf setting, while my OpenLDAP uses slapd.d instead. After grepping around in the LDAP schema, I've found olcDbClientPr, which is described as 'PagedResults handling'. Also, here's how it's described in the OpenLDAP source code:
{ "client-pr", "accept-unsolicited|disable|<size>", 2, 2, 0,
ARG_MAGIC|LDAP_BACK_CFG_CLIENT_PR,
meta_back_cf_gen, "( OLcfgDbAt:3.111 "
"NAME 'olcDbClientPr' "
"DESC 'PagedResults handling' "
"SYNTAX OMsDirectoryString "
"SINGLE-VALUE )",
NULL, NULL },
On the assumption that olcDbClientPr is the same thing as size.pr, how do I set it?
I've tried this:
dn: cn=config
changetype: modify
replace: olcDbClientPr
olcDbClientPr: -1
It throws this error:
modifying entry "cn=config"
ldap_modify: Object class violation (65)
additional info: attribute 'olcDbClientPr' not allowed
In case it's relevant, here are the contents of my cn=config directory:
# ls /etc/openldap/slapd.d/cn=config/
cn=module{0}.ldif olcDatabase={0}config.ldif olcDatabase={1}hdb.ldif
cn=schema olcDatabase={-1}frontend.ldif olcDatabase={1}monitor.ldif
cn=schema.ldif olcDatabase={1}hdb
size.pr is a per-database (and dn/group scopable) olcLimits option. You might also be interested in the global olcSizeLimit option.
From slapd-config(5):
olcDbClientPr is not the same as size.pr.
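The per-database olcLimits form the answer refers to, written for cn=config as an added example that is not part of the original posts: it scopes the paged-results limits to a single bind DN on the olcDatabase={1}hdb database from the directory listing and returns the global olcSizeLimit to the 500 it had before, so every other client, anonymous binds included, keeps a bounded result size. The bind DN cn=ldap-sync,dc=example,dc=com is a hypothetical placeholder for the sync client's account, and the page does not confirm whether this clears the cookie error.

```ldif
# Added example, not from the original posts.
# Apply with ldapmodify against cn=config using whatever bind the
# server is set up to allow for configuration changes.

# 1) Undo the global "no limit" setting from the question.
#    olcSizeLimit on cn=config applies to every database and every
#    bind, so -1 lets any client pull unbounded result sets.
dn: cn=config
changetype: modify
replace: olcSizeLimit
olcSizeLimit: 500

# 2) Raise the paged-results limits for one identity only.
#    olcLimits is an attribute of the database entry, which is where
#    size.pr belongs (olcDbClientPr belongs to proxy backends and is
#    rejected on cn=config, as the error in the question shows).
#    Format: olcLimits: <who> <limit> [<limit> ...]
#      size.pr      = largest page size the client may request
#      size.prtotal = cap on the total returned across all pages
#    The bind DN below is a hypothetical placeholder; use the DN the
#    sync client actually binds as.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=ldap-sync,dc=example,dc=com" size.pr=unlimited size.prtotal=unlimited
```

The effective values can be checked afterwards by reading olcLimits back from olcDatabase={1}hdb,cn=config and olcSizeLimit from cn=config with ldapsearch.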