Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Administrative blocking of paged support not detected, returns no results from Tivoli server. #337

Open
nspring opened this issue Dec 3, 2019 · 0 comments
Open

Administrative blocking of paged support not detected, returns no results from Tivoli server. #337

nspring opened this issue Dec 3, 2019 · 0 comments

Comments

@nspring
Copy link

nspring commented Dec 3, 2019

I'm querying what I understand to be a Tivoli server that has decided to limit the availability of paged results by some criteria. It thus advertises that it, as a server, supports paged results, but rejects searches with the error: (using ldapsearch -E pr=1...) "result: 11 Administrative limit exceeded... text: pagedResults control not allowed".

Is there a way this can be reported out? I had to write an instrumenter to find the resulting error string and realize that I can workaround by specifying a nonzero size option in my query, but this took me some time.

To reproduce, using 0.16.2, query directory.umd.edu with and without a size option:

#!/usr/bin/ruby

require 'net-ldap'

puts Net::LDAP::VERSION

class Insty
  def self.instrument(event,payload = {})
    if event == 'search.net_ldap_connection'
      puts "searching with size #{payload[:size]}"
    end
    r = yield payload
    if event == 'read.net_ldap_connection'
      puts "read result: #{payload[:result]}"
    end
    if event == 'search.net_ldap_connection'
      puts "search result: #{payload[:result].inspect}"
    end
    return r
  end
end

ldap = Net::LDAP.new(host: 'directory.umd.edu',
                     port: 636,
                     # instrumentation_service: Insty,
                     encryption: { method: :simple_tls },
                     base: 'ou=people,dc=umd,dc=edu'
                    )

works = ldap.search(size: 3,
                    filter: Net::LDAP::Filter.eq('uid', 'nspring'),
                    attributes: %w[uid cn givenname])

raise 'that worked for me' unless works

should_work = ldap.search(filter: Net::LDAP::Filter.eq('uid', 'nspring'),
                          attributes: %w[uid cn givenname])

if should_work
  puts 'fixed!'
else
  puts 'still busted.'
end

I'm happy to help with a patch if someone can provide an outline of how it should work. Since I have a workaround, I'm submitting the issue mostly in case it can save someone else some time.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nspring