Jazz in Tomcat 6 and Openldap 2.3.43 invalid ldapsearch


Günther Falk (111) | asked Apr 03 '09, 11:03 a.m.
Hi,

I have installed Jazz on a Gentoo Machine with Tomcat 6.0.18 and Openldap 2.3.43.
After having correctly configured a Derby database, the LDAP server should be used for authentication, as we already have an existing LDAP structure.

The LDAP Configuration Page has some issues concerning ldaps. But besides that, I get a serious problem when connecting to the LDAP server and testing the connection through the web interface.
I get an error number 4, LDAP_SIZE_LIMIT_EXCEEDED, which is kind of strange, as a normal LDAP search with the ldapsearch utility works correctly. Setting the limit to unlimited also did not resolve the issue.

Please see the posted logs for info:

Webinterface has the following trace:

Apr 3 16:24:14 auth slapd[16693]: conn=8 op=0 BIND dn="cn=jazz,dc=mydomain,dc=com" method=128
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=0 BIND dn="cn=jazz,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=0 RESULT tag=97 err=0 text=
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=1 SRCH base="ou=People,dc=internal,dc=mydomain,dc=com" scope=2 deref=3 filter="(uid=*)"
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=1 SRCH attr=mail cn uid
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=1 SEARCH RESULT tag=101 err=4 nentries=5 text=
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=2 SRCH base="ou=Group,dc=internal,dc=mydomain,dc=com" scope=2 deref=3 filter="(cn=*)"
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=2 SRCH attr=cn memberUid
Apr 3 16:24:14 auth slapd[16693]: conn=8 op=2 SEARCH RESULT tag=101 err=4 nentries=5 text=


The ldapsearch is invoked like:

ldapsearch -H ldaps://auth:636 -D cn=jazz,dc=mydomain,dc=com -a always -b ou=People,dc=internal,dc=mydomain,dc=com -W "(uid=*)" "mail cn uid"

Result is printed correctly and the LDAP has the following log:

Apr 3 16:30:37 auth slapd[16693]: conn=28 fd=25 TLS established tls_ssf=256 ssf=256
Apr 3 16:30:37 auth slapd[16693]: conn=28 op=0 BIND dn="cn=jazz,dc=mydomain,dc=com" method=128
Apr 3 16:30:37 auth slapd[16693]: conn=28 op=0 BIND dn="cn=jazz,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Apr 3 16:30:37 auth slapd[16693]: conn=28 op=0 RESULT tag=97 err=0 text=
Apr 3 16:30:37 auth slapd[16693]: conn=28 op=1 SRCH base="ou=People,dc=internal,dc=mydomain,dc=com" scope=2 deref=3 filter="(uid=*)"
Apr 3 16:30:37 auth slapd[16693]: conn=28 op=1 SRCH attr=mail cn uid
Apr 3 16:30:37 auth slapd[16693]: conn=28 op=1 SEARCH RESULT tag=101 err=0 nentries=35 text=
Apr 3 16:30:37 auth slapd[16693]: conn=28 op=2 UNBIND
Apr 3 16:30:37 auth slapd[16693]: conn=28 fd=25 closed


Does anybody know how to solve that problem, please?

Regards

Guenther Falk

4 answers



Günther Falk (111) | answered Apr 03 '09, 11:04 a.m.
After writing the post, I got an idea.
There are some members not having the mail attribute.
Is there a possibility to alter the filter for user research please?

Balaji Krish (1.8k12) | answered Apr 03 '09, 5:40 p.m.
JAZZ DEVELOPER
There are no problems with your setup:

When we perform a query in the configuration page, we set the count limit to 5 (because we don't need a lot of data to verify the configuration specified in the page).

SIZE_LIMIT_EXCEEDED will be logged if the size limit specified by client or server has been exceeded. (the results from the query we executed returned 35 entries and we are only choosing 5)

From javadoc :
public static final int SIZE_LIMIT_EXCEEDED
Indicates that in a search operation, the size limit specified by the client or the server has been exceeded. Incomplete results are returned.
SIZE_LIMIT_EXCEEDED = 4


I am curious to know how you got the log. Is there a setting in your LDAP directory to display all the requests/responses?

--- Balaji
Jazz Server Team
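
A way to read such a slapd trace per connection, as an added example that is not part of the original thread or of Jazz: it pairs each SRCH with its SEARCH RESULT so a client-side limit shows up as err=4 with a small nentries, and it notes simple binds on connections with no "TLS established" line (the BIND line's ssf=0 also appears on the TLS connection in the question, so it is not the indicator). The log lines, host name and DNs are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the slapd log format shown in the question (made-up host and DNs).
SAMPLE_LOG = """\
Apr 3 10:00:01 ldaphost slapd[100]: conn=1 op=0 BIND dn="cn=app,dc=example,dc=com" mech=SIMPLE ssf=0
Apr 3 10:00:01 ldaphost slapd[100]: conn=1 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 deref=3 filter="(uid=*)"
Apr 3 10:00:01 ldaphost slapd[100]: conn=1 op=1 SEARCH RESULT tag=101 err=4 nentries=5 text=
Apr 3 10:00:05 ldaphost slapd[100]: conn=2 fd=25 TLS established tls_ssf=256 ssf=256
Apr 3 10:00:05 ldaphost slapd[100]: conn=2 op=0 BIND dn="cn=app,dc=example,dc=com" mech=SIMPLE ssf=0
Apr 3 10:00:05 ldaphost slapd[100]: conn=2 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 deref=3 filter="(uid=*)"
Apr 3 10:00:05 ldaphost slapd[100]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=35 text=
"""

LINE = re.compile(r"conn=(\d+) (?:op=(\d+) )?(.*)$")
def field(name, text):
    """Return the value of name="..." (str) or name=digits (int), else None."""
    m = re.search(name + r'=(?:"([^"]*)"|(\d+))', text)
    return (m.group(1) if m.group(1) is not None else int(m.group(2))) if m else None

def summarize(log_text):
    """Group slapd lines by connection; pair SRCH with SEARCH RESULT by op."""
    conns = defaultdict(lambda: {"tls": False, "bind_dn": None, "searches": {}})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = conns[int(m.group(1))], m.group(2), m.group(3)
        if "TLS established" in rest:
            conn["tls"] = True
        elif rest.startswith("BIND") and "mech=SIMPLE" in rest:
            conn["bind_dn"] = field("dn", rest)
        elif rest.startswith("SRCH base="):
            conn["searches"].setdefault(op, {}).update(
                base=field("base", rest), filter=field("filter", rest))
        elif rest.startswith("SEARCH RESULT"):
            conn["searches"].setdefault(op, {}).update(
                err=field("err", rest), nentries=field("nentries", rest))
    return dict(conns)

def findings(conns):
    out = []
    for cid, c in sorted(conns.items()):
        if c["bind_dn"] and not c["tls"]:
            out.append((cid, "simple bind with no 'TLS established' line"))
        for op, s in sorted(c["searches"].items()):
            if s.get("err") == 4:  # LDAP sizeLimitExceeded
                out.append((cid, f"op={op} size limit hit after {s['nentries']} entries"))
    return out
```

The TLS check is a heuristic on the excerpt: a log that starts after the connection was accepted will not contain the "TLS established" line even if the session is encrypted.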


Günther Falk (111) | answered Apr 06 '09, 3:09 a.m.
Hi,

Thanks for your answer and the good explanation.

Gentoo has a file:
/var/log/debug

In there I get all debug notifications.
(Host and Client)

Nevertheless I would like to change the filter because not all registered users should have access to Jazz.
Do you know how to change that please?

Regards

Guenther

Balaji Krish (1.8k12) | answered Apr 06 '09, 5:01 p.m.
JAZZ DEVELOPER
I didn't understand your question "I would like to change the filter"?

--- Balaji
