[Pkg-openldap-devel] Bug#325764: getent Returning Incorrect Number of Accounts with bdb Backend

[Russ Allbery]

tags 325764 moreinfo
thanks

Hello,

I'm afraid that this is going to be one of those lame "sorry we never
responded to your bug from years ago, but we were wondering if it had
magically disappeared?" messages.  :)

A bit less than two years ago, you reported a bug against the Debian slapd
package:

> We have an LDAP server with a little over 13,000 accounts.  We use
> libnss-ldap for servers to get passwd and shadow information from the
> LDAP server.  Not all servers should have access to the full account
> database, so they are limited with a filter in /etc/libnss-ldap.conf:
> 
> 	nss_base_passwd ou=Account,dc=hampshire,dc=edu?one?host=nike
> 	nss_base_shadow ou=Account,dc=hampshire,dc=edu?one?host=nike
> 
> If there are more than 1,000 accounts after the filter has been applied,
> the LDAP server returns incorrect results.  In one instance it should have
> returned 2117 account but returned 4,208 instead.  In another instance it
> should have returned 10,396 accounts but returned 13,143.  There doesn't
> seem to be any rhyme or reason to the extra accounts it returns.
> Switching to the ldbm backend causes the server to work correctly,
> but then I start to experience data loss as described in bug #304735.
> 
> This only happens when using getent.  Searches performed with ldapsearch
> return the correct results.

Are you still encountering this problem?  The LDAP server on which you ran
into this problem was a major revision ago, and a lot of bugs have been
fixed since then (and there has been a subsequent new stable Debian
release).  Have any of those subsequent releases fixed this problem?

Thank you for any additional information!

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>