Re: [Evolution] Debugging LDAP queries?



Hmm, the only server I can find that generates ADMIN_LIMIT_EXCEEDED (error 11) is netscape directory server - it's generated when the "look through limit" is exceeded while building a list of candidate matches.

here's the blurb from the documentation:


Look Through Limit in Entries

Description Specifies the maximum number of entries that ns-slapd will check when seeking candidate entries in response for a search request. If this limit is reached, ns-slapd returns any entries it has located that match the search request, as well as an exceeded size limit error. For a general discussion of the searching algorithm, refer to "The Searching Algorithm".

>From the above it sounds like it's similar to the search size limit, only it's used at the start of the search as opposed to the end.  Regardless, it sounds like there's too many possible candidates (probably due to the complexity of the query, or just the number of ORs in the query.) and the first n candidates (where n = look through limit) don't match the query.  If you have the ldapsearch command locally, try this:

$ ldapsearch -h <ldapserver> -x -b <search base> -s <search scope> '(|(displayName=had*)(mail=had*)(|(cn=had*)(sn=had*))(fileAs=had*))' dn
and see if that works.

If you have access to the server's slapd.conf file (or the directory admin's ear) see if you can find out what the lookthroughlimit is set to.

at present there's not much we can do as far as simplifying that query.  The really yucky fileAs/sn part is caused by the ldap backend, and is expanded from queries on the fileAs attribute (since on entries with fileAs we want to use that, but on entries without it we want to use sn), and we might be able to just replace that big mess with (fileAs=had*) in certain instances (where sn is already in the query.)

Chris


On Fri, 2002-11-08 at 08:49, Bob Haddleton wrote:
On Thu, 2002-11-07 at 17:59, Chris Toshok wrote:
> If you do killev, then run wombat from a terminal and watch it's output
> you'll see the query that's sent to the ldap server (as well as the
> result code the server sends back.)

Here's what I got:

wombat-Message: Starting wombat
Wombat up and running
wombat-pas-Message: libldap vendor/version: OpenLDAP  2.00.11
wombat-pas-Message: extensions present:
wombat-pas-Message: X_OPENLDAP
wombat-pas-Message: X_OPENLDAP_V2_REFERRALS
wombat-pas-Message: TLS not available (ldap_error 0x5c)
wombat-pas-Message: supported server control: 2.16.840.1.113730.3.4.2
wombat-pas-Message: supported server control: 2.16.840.1.113730.3.4.3
wombat-pas-Message: supported server control: 2.16.840.1.113730.3.4.4
wombat-pas-Message: supported server control: 2.16.840.1.113730.3.4.5
wombat-pas-Message: supported server control: 1.2.840.113556.1.4.473
wombat-pas-Message: supported server control: 2.16.840.1.113730.3.4.9
wombat-pas-Message: supported server control: 2.16.840.1.113730.3.4.12
wombat-pas-Message: supported SASL mechanism: EXTERNAL
searching server using filter: (| (displayName=had*) (mail=had*)
(|(cn=had*)(sn=had*)) (|(fileAs=had*)(&(!(fileAs=*))(sn=had*))) )

wombat-pas-WARNING **: search returned 11

Every query that is attempted returns "11".

Anything else I can look at?

Thanks!

-- 
Bob Haddleton
bobh lucent com


_______________________________________________
evolution maillist  -  evolution ximian com
http://lists.ximian.com/mailman/listinfo/evolution


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]