Hi, all!
My environment: SLES 11 SP2, eDirectory for Linux x86_64 v8.8 SP7
There are no replicas. All objects are located on the host where
eDirectory is installed.

I'm trying to get Server Side Sort (SSS) working by the attribute
"nrfLocalizedDescrs". I read the the cool solution '\"LDAP Server Side
Sort (SSS) Control\"' (http://tinyurl.com/oox4lhx). I know that SSS is
not officially supported.

*1)* I checked if SSS works on the CN attribute:

Code:
--------------------
ldapsearch -h 10.55.36.196 -p 389 -D cn=admin,ou=sa,o=system -b "cn=testSort,cn=Level10,cn=RoleDefs,cn=RoleConfig, cn=AppConfig,cn=UA,cn=driverset1,o=system" -s sub "objectclass=nrfRole" -x -W -E 'sss=cn' dn
--------------------

The output is:
Code:
--------------------

# extended LDIF
#
# LDAPv3
# base <cn=testSort,cn=Level10,cn=RoleDefs,cn=RoleConfig, cn=AppConfig,cn=UA,cn=driverset1,o=system> with scope subtree
# filter: objectclass=nrfRole
# requesting: dn
# with server side sorting control
#

# role1, testSort, Level10, RoleDefs, RoleConfig, AppConfig, UA, driverset1,
system
dn: cn=role1,cn=testSort,cn=Level10,cn=RoleDefs,cn=Rol eConfig,cn=AppConfig,cn=
UA,cn=driverset1,o=system

# role2, testSort, Level10, RoleDefs, RoleConfig, AppConfig, UA, driverset1,
system
dn: cn=role2,cn=testSort,cn=Level10,cn=RoleDefs,cn=Rol eConfig,cn=AppConfig,cn=
UA,cn=driverset1,o=system

# role3, testSort, Level10, RoleDefs, RoleConfig, AppConfig, UA, driverset1,
system
dn: cn=role3,cn=testSort,cn=Level10,cn=RoleDefs,cn=Rol eConfig,cn=AppConfig,cn=
UA,cn=driverset1,o=system

# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.474 false MIQAAAADCgEA
sortResult: (0) Success

# numResponses: 4
# numEntries: 3

--------------------

We can see "sortResult: (0) Success" at the end of the message. It sorts
output correctly by the "CN" attribute.

LDAP trace output:

Code:
--------------------

1433241344 LDAP: [2014/10/24 11:38:32.564] New cleartext connection 0xe56ca80 from 192.168.5.133:52465, monitor = 0x3dd3f700, index = 14
1420609280 LDAP: [2014/10/24 11:38:32.565] DoBind on connection 0xe56ca80
1420609280 LDAP: [2014/10/24 11:38:32.565] Bind name:cn=admin,ou=sa,o=system, version:3, authentication:simple
1420609280 LDAP: [2014/10/24 11:38:32.570] Sending operation result 0:"":"" to connection 0xe56ca80
1421661952 LDAP: [2014/10/24 11:38:32.571] DoSearch on connection 0xe56ca80
1421661952 LDAP: [2014/10/24 11:38:32.571] Search request:
base: "cn=testSort,cn=Level10,cn=RoleDefs,cn=RoleConfig, cn=AppConfig,cn=UA,cn=driverset1,o=system"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=nrfRole)"
attribute: "dn"
1421661952 LDAP: [2014/10/24 11:38:32.571] nds_back_search: Search Control OID 1.2.840.113556.1.4.473
1421661952 LDAP: [2014/10/24 11:38:32.572] Sort setup with index "cn"
1421661952 LDAP: [2014/10/24 11:38:32.795] Sending search result entry "cn=role1,cn=testSort,cn=Level10,cn=RoleDefs,cn=Ro leConfig,cn=AppConfig,cn=UA,cn=driverset1,o=system " to connection 0xe56ca80
1421661952 LDAP: [2014/10/24 11:38:32.796] Sending search result entry "cn=role2,cn=testSort,cn=Level10,cn=RoleDefs,cn=Ro leConfig,cn=AppConfig,cn=UA,cn=driverset1,o=system " to connection 0xe56ca80
1421661952 LDAP: [2014/10/24 11:38:32.797] Sending search result entry "cn=role3,cn=testSort,cn=Level10,cn=RoleDefs,cn=Ro leConfig,cn=AppConfig,cn=UA,cn=driverset1,o=system " to connection 0xe56ca80
1421661952 LDAP: [2014/10/24 11:38:32.799] Sending operation result 0:"":"" to connection 0xe56ca80
1429030656 LDAP: [2014/10/24 11:38:32.800] DoUnbind on connection 0xe56ca80
1429030656 LDAP: [2014/10/24 11:38:32.800] Connection 0xe56ca80 closed

--------------------


*2)* Then I want to sort "nrfRole" objects by the "nrfLocalizedDescrs"
attribute. For this purpose I created an index by value for the
"nrfLocalizedDescrs" attribute (iManager -> Roles and Tasks ->
eDirectory Maintenance -> Indexes) and ensure that its state is
"online".
Then I run the next command:

Code:
--------------------

ldapsearch -h 10.55.36.196 -p 389 -D cn=admin,ou=sa,o=system -b "cn=testSort,cn=Level10,cn=RoleDefs,cn=RoleConfig, cn=AppConfig,cn=UA,cn=driverset1,o=system" -s sub "objectclass=nrfRole" -x -W -E 'sss=nrfLocalizedDescrs' nrfLocalizedDescrs

--------------------

The output is:
Code:
--------------------

# extended LDIF
#
# LDAPv3
# base <cn=testSort,cn=Level10,cn=RoleDefs,cn=RoleConfig, cn=AppConfig,cn=UA,cn=driverset1,o=system> with scope subtree
# filter: objectclass=nrfRole
# requesting: nrfLocalizedDescrs
# with server side sorting control
#

# role3, testSort, Level10, RoleDefs, RoleConfig, AppConfig, UA, driverset1,
system
dn: cn=role3,cn=testSort,cn=Level10,cn=RoleDefs,cn=Rol eConfig,cn=AppConfig,cn=
UA,cn=driverset1,o=system
nrfLocalizedDescrs: en~roleC|ru~roleC

# role2, testSort, Level10, RoleDefs, RoleConfig, AppConfig, UA, driverset1,
system
dn: cn=role2,cn=testSort,cn=Level10,cn=RoleDefs,cn=Rol eConfig,cn=AppConfig,cn=
UA,cn=driverset1,o=system
nrfLocalizedDescrs: en~roleA|ru~roleA

# role1, testSort, Level10, RoleDefs, RoleConfig, AppConfig, UA, driverset1,
system
dn: cn=role1,cn=testSort,cn=Level10,cn=RoleDefs,cn=Rol eConfig,cn=AppConfig,cn=
UA,cn=driverset1,o=system
nrfLocalizedDescrs: en~roleB|ru~roleB

# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.474 false MIQAAAADCgE1
sortResult: (53) Server is unwilling to perform

# numResponses: 4
# numEntries: 3


--------------------

We can see "sortResult: (53) Server is unwilling to perform" at the end
of the message. It doesn't sort output correctly.

LDAP trace output:

Code:
--------------------

1433241344 LDAP: [2014/10/24 11:44:52.176] New cleartext connection 0xea66000 from 192.168.5.133:47683, monitor = 0x3dd3f700, index = 3
1441662720 LDAP: [2014/10/24 11:44:52.176] DoBind on connection 0xea66000
1441662720 LDAP: [2014/10/24 11:44:52.177] Bind name:cn=admin,ou=sa,o=system, version:3, authentication:simple
1441662720 LDAP: [2014/10/24 11:44:52.181] Sending operation result 0:"":"" to connection 0xea66000
976738048 LDAP: [2014/10/24 11:44:52.182] DoSearch on connection 0xea66000
976738048 LDAP: [2014/10/24 11:44:52.182] Search request:
base: "cn=testSort,cn=Level10,cn=RoleDefs,cn=RoleConfig, cn=AppConfig,cn=UA,cn=driverset1,o=system"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectclass=nrfRole)"
attribute: "nrfLocalizedDescrs"
976738048 LDAP: [2014/10/24 11:44:52.182] nds_back_search: Search Control OID 1.2.840.113556.1.4.473
976738048 LDAP: [2014/10/24 11:44:52.183] Sort setup with index "nrfLocalizedDescrs"
976738048 LDAP: [2014/10/24 11:44:52.184] SearchWithControls: sort attribute (nrfLocalizedDescrs) not indexed
976738048 LDAP: [2014/10/24 11:44:52.184] nds_back_search: Failure of non-critical control ignored, err = 53 (0x35)
976738048 LDAP: [2014/10/24 11:44:52.185] Sending search result entry "cn=role3,cn=testSort,cn=Level10,cn=RoleDefs,cn=Ro leConfig,cn=AppConfig,cn=UA,cn=driverset1,o=system " to connection 0xea66000
976738048 LDAP: [2014/10/24 11:44:52.185] Sending search result entry "cn=role2,cn=testSort,cn=Level10,cn=RoleDefs,cn=Ro leConfig,cn=AppConfig,cn=UA,cn=driverset1,o=system " to connection 0xea66000
976738048 LDAP: [2014/10/24 11:44:52.185] Sending search result entry "cn=role1,cn=testSort,cn=Level10,cn=RoleDefs,cn=Ro leConfig,cn=AppConfig,cn=UA,cn=driverset1,o=system " to connection 0xea66000
976738048 LDAP: [2014/10/24 11:44:52.185] Sending operation result 0:"":"" to connection 0xea66000
975685376 LDAP: [2014/10/24 11:44:52.186] DoUnbind on connection 0xea66000
975685376 LDAP: [2014/10/24 11:44:52.186] Connection 0xea66000 closed

--------------------

Here we can see the cause of "unwilling to perform":
"SearchWithControls: sort attribute (nrfLocalizedDescrs) not indexed".

*3)* Then I refreshed LDAP (iManager -> Roles and Tasks -> LDAP -> LDAP
options -> View LDAP Servers -> Refresh Indexes), ensured that the
"nrfLocalizedDescrs" index state is online, run the command from the
step 2.
Got the same "unwilling to perform" message and the same cause
"SearchWithControls: sort attribute (nrfLocalizedDescrs) not indexed".
*4)* Then I restart eDirectory, ensured that the "nrfLocalizedDescrs"
index state is online, run the command from the step 2.
Got the same "unwilling to perform" message and the same cause
"SearchWithControls: sort attribute (nrfLocalizedDescrs) not indexed".

====================================

Does anyone has any idea why I get that "SearchWithControls: sort
attribute (nrfLocalizedDescrs) not indexed" message although I created
the index? Is it the consequence of wrong SSS working or I do something
wrong?


--
hello_amigo
------------------------------------------------------------------------
hello_amigo's Profile: https://forums.netiq.com/member.php?userid=211
View this thread: https://forums.netiq.com/showthread.php?t=52031