[SAMBA4] Make paged results the default in ldb_ildap
Andrew Bartlett
abartlet at samba.org
Mon Aug 14 06:37:32 GMT 2006
On Mon, 2006-08-14 at 01:49 -0400, simo wrote:
> On Mon, 2006-08-14 at 11:43 +1000, Andrew Bartlett wrote:
> > Simo,
> >
> > A while ago, we discussed my desire for the paged results control to be
> > enabled by default, on all LDAP queries.
> >
> > For the benefit of the list, I was discussing with simo a problem I was
> > having, with downloading a large amount of data from AD's LDAP server.
> >
> > At the current time, I'm looking to download schema information from
> > AD's LDAP server, but I'm likewise interested in how an async winbindd
> > could be built, given we now have the infrastructure.
> >
> > I know I can specify magic options to ldbsearch, but this misses the
> > point:
> >
> > My assertion is that the caller, and in the case of the ldbsearch
> > binary, the user, should have this 'just work'. If the search would
> > return too many entries for one try, it should retry with paged results
> > transparently.
> >
> > I'm happy to make it possible for the caller to disable it, but I would
> > like the control to be on by default, as otherwise there is a differece
> > in behaviour between the TDB and LDAP backends.
> >
> > This would also allow our clients to make large searches via our LDAP
> > server, where we can then apply the sort control and similar.
> > Otherwise, clients can only do large searches against tdb (which has no
> > such size limit).
>
> We can do this, but I want it done right.
>
> The problem with the paged control is that it requires the caller to
> make multiple calls.
Why can't the backend re-issue the request for the remaining attributes?
That way, the caller only does one call, and the async code works
exactly how we want: it returns the results when available.
> Also we cannot use the control when it is not supported by the remote
> server.
Indeed. But I presume we don't need to mark it critical?
> So the right way to do it is to do it inside ldb_search(), and to not
> repeat a rootDSE search at every ldb_search() we need to keep the
> information about whether the server supports paged results or not
> somewhere. In theory the right place would be the ldb backend, but then
> we would need a way to query it to know whether or not we are allowed to
> use the paged search control.
The ldb_ildap backend already does a rootDSE search at startup, to find
out other things. Looking for that control would not be particularly
painful.
> What we can't do, is to query the rootDSE at each search, or forcibly
> add the paged control at any serach in the ldb backend, because when you
> use the ldb_request(0 call it means you want complete control over what
> happens on the wire, you don't want "surprises".
I'm happy to have a 'no supprises' flag, to turn this off, or an
'automagic' flag to turn this on, or a module that sets this, or
something. But it would be pointless if the ldb_request interface,
which is what an async winbind would use doesn't do the 'right thing' by
default.
> So provided we find a decent method to make ldb_search() know when to
> use the paged results control I am ok adding the code to do it there
> automatically.
I really think this belongs in the ldb_ildap backend. But talk without
code is pointless, so I'll try and code something up.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060814/c57fec82/attachment.bin
More information about the samba-technical
mailing list