DPS 11.1.1.x Ignores Client Requested Search Timeout

(Doc ID 1644329.1)

Last updated on JUNE 28, 2017

Applies to:

Oracle Directory Server Enterprise Edition - Version 11.1.1.5.1 and later
Information in this document applies to any platform.

Symptoms

When a client requested timeout is included in a search request against DPS (such as the -l option in the ODSEE ldapsearch) with a Resource Limits Policy configured, DPS will ignore that time limit request and the search continues until it completes.

When the same search is run against the Directory Server, the client is disconnected after the time limit has been reached.

 

TEST CASE

------------

1) Run ldapsearch with the -l switch to set a client side timelimit.

# time ldapsearch -l 3 -p 1000 -D "uid=Test.1,ou=people,dc=ex,dc=com" -w <password> -b dc=ex,dc=com uid=* > /dev/null
ldap_search: Timelimit exceeded

real 0m3.412s
user 0m0.227s
sys 0m0.264s

2) Create a basic Resource Limits Policy, e.g.

# dpconf create-resource-limits-policy -p 1000 -w /tmp/passwd MaxCons

3) Assign the Resource Policy created above to the Ex_conn_handler.

dpconf set-connection-handler-prop -p 1000 -w /tmp/passwd Ex_conn_handler resource-limits-policy:MaxCons

# dpconf get-connection-handler-prop -p 1000 -w /tmp/passwd Ex_conn_handler
resource-limits-policy
resource-limits-policy : MaxCons

4) Search again using the same search as above (Step #1), the client side timelimit is ignored.

# time ldapsearch -l 3 -p 1000 -D "uid=Test.1,ou=people,dc=ex,dc=com" -w <password> -b dc=ex,dc=com uid=* > /dev/null
^C

real 0m35.539s
user 0m0.001s
sys 0m0.004s

Access log -

[01/Nov/2013:20:56:19 +0000] - PROFILE - INFO - conn=21 assigned to connection handler cn=Ex_conn_handler,cn=connection handlers,cn=config
[01/Nov/2013:20:56:19 +0000] - CONNECT - INFO - conn=21 client=127.0.0.1:50319 server=localhost:1000 protocol=LDAP
[01/Nov/2013:20:56:19 +0000] - OPERATION - INFO - conn=21 op=0 msgid=1 BIND dn="uid=test.1,ou=people,dc=ex,dc=com" method="SIMPLE" version=3 controls=""
[01/Nov/2013:20:56:19 +0000] - SERVER_OP - INFO - conn=21 op=0 BIND dn="uid=Test.1,ou=people,dc=ex,dc=com" method="SIMPLE" version=3 s_msgid=30 s_conn=ds2:2
[01/Nov/2013:20:56:19 +0000] - SERVER_OP - INFO - conn=21 op=0 BIND RESPONSE err=0 msg="" s_msgid=30 s_conn=ds2:2 etime=1
[01/Nov/2013:20:56:19 +0000] - OPERATION - INFO - conn=21 op=0 BIND RESPONSE err=0 msg="" etime=2
[01/Nov/2013:20:56:19 +0000] - OPERATION - INFO - conn=21 op=1 msgid=2 SEARCH base="dc=ex,dc=com" scope=2 controls="" filter="(uid=*)" attrs="*"
[01/Nov/2013:20:56:19 +0000] - SERVER_OP - INFO - conn=21 op=1 SEARCH base="dc=ex,dc=com" scope=2 filter="(uid=*)" attrs="*" s_msgid=31 s_conn=ds2:2
[01/Nov/2013:20:56:54 +0000] - OPERATION - INFO - conn=21 DISCONNECT
[01/Nov/2013:20:56:54 +0000] - DISCONNECT - INFO - conn=21 reason="closed by client"
[01/Nov/2013:20:56:54 +0000] - SERVER_OP - INFO - conn=21 op=1 ABANDON s_msgid=32 s_abandon_msgid=31 s_conn=ds2:2

 

EXPECTED BEHAVIOR
-----------------------
ldapsearch should stop after reaching client requested time limit

Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms