Can a LDAP Simple Paged Results search be chained within a CA Directory backbone?

Document ID : KB000052982
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This techdoc provides an example (with DSA traces) of a distributed LDAP Simple Paged Results search that is received by a CA Directory router DSA. The search is then chained to all subordinate DSA's and the search results are combined and returned to the LDAP application as one set of search results.

Solution:

From CA Directory r12.0 SP1, the LDAP Simple Paged Results control is active by default for all DSAs.

There is no configuration required.

This can be confirmed when you query the root DSE object within any r12.0 SP1 DSA. the following supportedControls can be seen:

supportedControl:

1.2.840.113556.1.4.473
1.2.840.113556.1.4.319
1.3.6.1.4.1.42.2.27.8.5.1
2.16.840.1.113730.3.4.18

1.2.840.113556.1.4.319 is the Simple Paged Results control. This is active by default on ALL DSA's in r12.0 SP1 and onwards.

A simple test can be used to confirm that Simple Paged Results is functional.

  1. Setup the r12.0 SP1 router, UNSPSC and democorp sample DSAs.

  2. Group the knowledge of the three DSA's so that chaining is possible.

  3. Use the open source LDAPsearch tool to submit a simple pages results search.

Pre-requisite: You need to add an entry manually to UNSPSC dsa which has cn=Linda Bradford

ldapsearch -h {hostName} -p 19289 -s sub -E pr=1 -b "c=AU" "(cn=Linda*)"

The -E pr=1 is the simple paged results switch and it instructs the directory backbone to only return the first/next one search results that match the search filter of cn=Linda*.

Confirming the Simple Paged Results Search request

The Simple Paged Results search request will be received by the router and if the search has the scope of "subtree", then it will chain the request onto all subordinate namespace DSAs.

Router Search

The first operation received/processed is the ldapsearch executable sending in the search request.

<- #8 LDAP SEARCH-REQ         
    invoke-id = 2 credit = 4 
 Base object: 
    <countryName "AU">         
 Search subset: Whole subtree 
 Filter: 
     commonName substrings: initial: "Linda" Don't Search Aliases         
     Don't Search Aliases 
     Service controls: 
         Options: Don't deref aliases 
     Controls: 
         simple-paged-results size = 1

The router then performs a search of it's own namespace, which is an internally generated "console" search, which returns no results as it's a router DSA.

<- #10 CONSOLE SEARCH-REQ         
    invoke-id = 2 credit = 0 
 Base object: 
 <countryName "AU">         
 Search subset: Whole subtree 
 Filter: 
    commonName substrings: initial: "Linda" Don't Search Aliases         
 Don't Search Aliases 
 Service controls: 
    Options: Don't deref aliases 
    flags = IDU_FLAGS_PAGED_RESULT 
 Controls:                      
     simple-paged-results size = 1

The router then internally generates a search request for the UNSPSC and DEMOCORP DSA's and chains the searches on.

(Remote) -> #1 [unspsc] DSP SEARCH-REQ         
    invoke-id = 13 credit = 1 
 Base object: 
    <countryName "AU">         
    <organizationName "UNSPSC">         
 Search subset: Whole subtree 
 Filter: 
    commonName substrings: initial: "Linda" Don't Search Aliases         
 Don't Search Aliases 
 Service controls: 
    Options: No chaining 
 Chaining Arguments: 
    Trace Information: 
       DSA: 
          <commonName "router">         
       Operation Progress: Name Resolution Phase: Not Started 
     Controls: 
        simple-paged-results size = 1 
        flags = IDU_FLAGS_PAGED_RESULT 
 Controls:                      
      simple-paged-results size = 1                      
          ------------------------------------------------- 
(Remote) -> #2 [democorp] DSP SEARCH-REQ         
    invoke-id = 14 credit = 1 
 Base object: 
   <countryName "AU">         
   <organizationName "Democorp">         
 Search subset: Whole subtree 
 Filter: 
    commonName substrings: initial: "Linda" Don't Search Aliases         
 Service controls: 
    Options: No chaining 
 Chaining Arguments: 
    Trace Information: 
      DSA: 
         <commonName "router">         
      Operation Progress: Name Resolution Phase: Not Started 
      Controls: 
         simple-paged-results size = 1 
      flags = IDU_FLAGS_PAGED_RESULT 
 Controls:                      
      simple-paged-results size = 1

Democorp Search

The Democorp DSA executes the search and returns it's search results, honouring the simple pages results control

-> #0 [router] DSP SEARCH-CONFIRM         
    invoke-id = 19 credit = 1 
 Entry: 27 
    <countryName "AU">         
    <organizationName "Democorp">         
    <organizationalUnitName "Support">         
    <organizationalUnitName "Internal">         
    <commonName "Linda BRADFORD">         
 Contents: 
    (objectClass inetOrgPerson) 
    (commonName "Linda BRADFORD")         
    (surname "BRADFORD")         
    (title "Field Consultant")         
    (telephoneNumber "610 2719")         
    (description "Transportation")         
    (cosineRfc822Mailbox "Linda.BRADFORD@DEMOCORP.com")         
    (postalAddress "122 Longueville Tce"."Kwinana WA")         
    (postalCode "6167")         
 Chaining Results: 
    Controls:                      
       simple-paged-results size = 2 position = 1

UNSPSC Search

The UNSPSC DSA executes the search and finds only one entry.

-> #0 [router] DSP SEARCH-CONFIRM         
    invoke-id = 32 credit = 1 
 Entry: 27 
     <countryName "AU">         
     <organizationName "UNSPSC">         
     <organizationalUnitName "R&D">         
     <commonName "Linda BRADFORD">         
 Contents: 
     (objectClass inetOrgPerson) 
     (commonName "Linda BRADFORD")         
     (surname "BRADFORD")         
     (title "Field Consultant")         
     (telephoneNumber "610 2719")         
     (description "Transportation")         
     (cosineRfc822Mailbox "Linda.BRADFORD@DEMOCORP.com")         
     (postalAddress "122 Longueville Tce"."Kwinana WA")         
     (postalCode "6167")         
 Chaining Results: 
    Controls:                      
         simple-paged-results size = 1     

The search results from both the Democorp and UNSPSC DSA's is then combined by the router and returned to the application as one consolidated set of search results.

This demonstrates how simple paged results is configured and available by default in r12.0 SP1. This also shows how the simple paged results function within a distributed DSA backbone.