DPS 11.1.1.x Ignores Client Requested Search Timeout
(Doc ID 1644329.1)
Last updated on NOVEMBER 18, 2022
Applies to:
Oracle Directory Server Enterprise Edition - Version 11.1.1.5.1 and laterInformation in this document applies to any platform.
Symptoms
When a client requested timeout is included in a search request against DPS (such as the -l option in the ODSEE ldapsearch) with a Resource Limits Policy configured, DPS will ignore that time limit request and the search continues until it completes.
When the same search is run against the Directory Server, the client is disconnected after the time limit has been reached.
TEST CASE
------------
1) Run ldapsearch with the -l switch to set a client side timelimit.
# time ldapsearch -l 3 -p 1000 -D "uid=<USER.1>,ou=people,dc=<SUFFIX_DN>" -w <PASSWORD> -b dc=<SUFFIX_DN> uid=* > /dev/null
ldap_search: Timelimit exceeded
real 0m3.412s
user 0m0.227s
sys 0m0.264s
2) Create a basic Resource Limits Policy, e.g.
# dpconf create-resource-limits-policy -p 1000 -w /tmp/passwd MaxCons
3) Assign the Resource Policy created above to the Ex_conn_handler.
dpconf set-connection-handler-prop -p 1000 -w /tmp/passwd Ex_conn_handler resource-limits-policy:MaxCons
# dpconf get-connection-handler-prop -p 1000 -w /tmp/passwd Ex_conn_handler
resource-limits-policy
resource-limits-policy : MaxCons
4) Search again using the same search as above (Step #1), the client side timelimit is ignored.
# time ldapsearch -l 3 -p 1000 -D "uid=<USER.1>,ou=people,dc=<SUFFIX_DN>" -w <PASSWORD> -b dc=<SUFFIX_DN> uid=* > /dev/null
^C
real 0m35.539s
user 0m0.001s
sys 0m0.004s
Access log -
[01/Nov/2013:20:56:19 +0000] - PROFILE - INFO - conn=21 assigned to connection handler cn=Ex_conn_handler,cn=connection handlers,cn=config
[01/Nov/2013:20:56:19 +0000] - CONNECT - INFO - conn=21 client=<CLIENT_IP>:50319 server=localhost:1000 protocol=LDAP
[01/Nov/2013:20:56:19 +0000] - OPERATION - INFO - conn=21 op=0 msgid=1 BIND dn="uid=<USER.1>,ou=people,dc=<SUFFIX_DN>" method="SIMPLE" version=3 controls=""
[01/Nov/2013:20:56:19 +0000] - SERVER_OP - INFO - conn=21 op=0 BIND dn="uid=<USER.1>,ou=people,dc=<SUFFIX_DN>" method="SIMPLE" version=3 s_msgid=30 s_conn=ds2:2
[01/Nov/2013:20:56:19 +0000] - SERVER_OP - INFO - conn=21 op=0 BIND RESPONSE err=0 msg="" s_msgid=30 s_conn=ds2:2 etime=1
[01/Nov/2013:20:56:19 +0000] - OPERATION - INFO - conn=21 op=0 BIND RESPONSE err=0 msg="" etime=2
[01/Nov/2013:20:56:19 +0000] - OPERATION - INFO - conn=21 op=1 msgid=2 SEARCH base="dc=<SUFFIX_DN>" scope=2 controls="" filter="(uid=*)" attrs="*"
[01/Nov/2013:20:56:19 +0000] - SERVER_OP - INFO - conn=21 op=1 SEARCH base="dc=<SUFFIX_DN>" scope=2 filter="(uid=*)" attrs="*" s_msgid=31 s_conn=ds2:2
[01/Nov/2013:20:56:54 +0000] - OPERATION - INFO - conn=21 DISCONNECT
[01/Nov/2013:20:56:54 +0000] - DISCONNECT - INFO - conn=21 reason="closed by client"
[01/Nov/2013:20:56:54 +0000] - SERVER_OP - INFO - conn=21 op=1 ABANDON s_msgid=32 s_abandon_msgid=31 s_conn=ds2:2
EXPECTED BEHAVIOR
-----------------------
ldapsearch should stop after reaching client requested time limit
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |