[389-users] ACIs caching issue
Mark Reynolds
mareynol at redhat.com
Mon Nov 16 17:34:41 UTC 2015
On 11/16/2015 12:30 PM, Adrian Damian wrote:
> Hello 389 Gurus,
>
> This is a very subtle issue that we are seeing on our LDAP server.
> Sometimes, the ACIs return different results for the same search
> executed from different clients (a Java client vs. a Python or the
> ldapsearch client). More specifically, the Java client does not get
> access to attributes that is supposed to see but the Python client
> does. What's even more strange is that after the Python client or
> ldapsearch client access, the Java client also starts working for a
> while and then stops again.
>
> The only difference that we've seen in these two cases in the LDAP
> logs is that when it doesn't work, the Java client makes the server
> skip the ACI that grants access with the message: "Found READ SKIP in
> cache". After running the other clients the ACI in question is
> evaluated and everything works for a while before going back into the
> bad state.
>
> Any ideas of how to fix this?
Adrian,
Can you provide access log snippets showing the java and python client
searches?
What is the ACI(s) that impacts these searches?
Please get: rpm -qa | grep 389-ds-base
Thanks,
Mark
>
> Thank you,
> Adrian
>
> Server version:
>
> 389-Directory/1.2.11.15 B2014.219.179
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list