httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jones" <oscare...@gmail.com>
Subject Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error
Date Thu, 22 Feb 2007 14:12:42 GMT
How about something alone these lines? It assumes there is nobody with
LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still supports
and wishes to use the -1 value.

--- util_ldap.c.defaultlimit    Wed Feb 21 16:08:51 2007
+++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
@@ -52,15 +52,9 @@
 #define LDAP_CA_TYPE_BASE64             2
 #define LDAP_CA_TYPE_CERT7_DB           3

-#ifdef LDAP_DEFAULT_LIMIT
-#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
-#else
-#ifndef LDAP_NO_LIMIT  /* Have neither LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT
*/
-#define LDAP_LIMIT_VALUE  -1
-#else                  /* Have LDAP_NO_LIMIT, but not LDAP_DEFAULT_LIMIT */
-#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
-#endif                 /* !LDAP_NO_LIMIT */
-#endif                 /* LDAP_DEFAULT_LIMIT */
+#ifndef LDAP_NO_LIMIT
+#define LDAP_NO_LIMIT -1
+#endif

 module AP_MODULE_DECLARE_DATA ldap_module;

@@ -680,7 +674,7 @@
     /* search for reqdn */
     if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
LDAP_SCOPE_BASE,
                                     "(objectclass=*)", NULL, 1,
-                                    NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+                                    NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
             == LDAP_SERVER_DOWN)
     {
         ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -958,7 +952,7 @@
     if ((result = ldap_search_ext_s(ldc->ldap,
                                     (char *)basedn, scope,
                                     (char *)filter, attrs, 0,
-                                    NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+                                    NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
             == LDAP_SERVER_DOWN)
     {
         ldc->reason = "ldap_search_ext_s() for user failed with server
down";
@@ -1198,7 +1192,7 @@
     if ((result = ldap_search_ext_s(ldc->ldap,
                                     (char *)basedn, scope,
                                     (char *)filter, attrs, 0,
-                                    NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+                                    NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
             == LDAP_SERVER_DOWN)
     {
         ldc->reason = "ldap_search_ext_s() for user failed with server
down";

On 2/20/07, Brad Nicholes <BNICHOLES@novell.com> wrote:
>
> >>> On 2/19/2007 at 9:29 AM, in message
> <cc67648e0702190829qc3a167evfb7e611fac2acfd4@mail.gmail.com>, "Jeff
> Trawick"
> <trawick@gmail.com> wrote:
> > On 2/15/07, David Jones <oscaremma@gmail.com> wrote:
> >> Currently util_ldap.c has a hard coded -1 as the search limit value
> (meaning
> >> infinite/no limit) on ldap_search_ext_s() calls.  Some platforms cannot
> >> handle the -1, but need a 0.  Linux, zoS (and others) have a
> LDAP_NO_LIMIT
> >> value in ldap.h.
> >>  Below is a patch, allows those who have LDAP_NO_LIMIT value to take
> >> advantage of it, and others to continue using a -1 value.
> >
> > patch committed to trunk and proposed for backport 2.2.x
> > my guess is that -1 is rarely/never the proper value, but that isn't
> > so easy to confirm; hopefully the symbol is always available in modern
> > SDK level
>
> The values of 0 and -1 have a different meaning at least in the Novell
> LDAP SDK.  A value of 0 or LDAP_NO_LIMIT specifies that the search truely
> has no limit to the number of entries that will be returned.  A value of -1
> or LDAP_DEFAULT_SIZELIMIT specifies that the search should default to the
> session value or the value that was set in the session by
> LDAP_OPT_SIZELIMIT.  Changing the sizelimit parameter from -1 to
> LDAP_NO_LIMIT in the calls to ldap_search_ext_s() removes the ability to
> control the size limit through the session options.  In fact the patch that
> was submitted will cause the ldap_search_ext_s() function to act differently
> depending on whether the LDAP SDK has defined LDAP_NO_LIMIT or not.
>
> I can't confirm this because I haven't been able to find it documented for
> all SDKs but I would assume that the initial reason for specifying -1 rather
> than LDAP_NO_LIMIT or LDAP_DEFAULT_SIZELIMIT is because the intention was to
> make the call to ldap_search_ext_s() defer to the size limit specified in
> the session.  But not all SDKs define LDAP_DEFAULT_SIZELIMIT, therefore -1
> was hardcoded.  Can those that know the OpenLDAP or Microsoft LDAP SDKs
> confirm that those SDKs support a -1 or LDAP_DEFAULT_SIZELIMIT?
>
> In the meantime, the patch should probably be revised to make sure that
> all platforms work the same rather than some supporting LDAP_NO_LIMIT and
> other supporting LDAP_DEFAULT_SIZELIMIT.  The preference should be
> LDAP_DEFAULT_SIZELIMIT (-1).
>
> Brad
>

Mime
View raw message