httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jones" <oscare...@gmail.com>
Subject Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error
Date Wed, 28 Feb 2007 15:26:19 GMT
Sorry for the delay.
We use our own z/OS specific SDK. There is also a Tivoli SDK , [see Eric
Covener's appends and
http://issues.apache.org/bugzilla/attachment.cgi?id=19394  waiting for
input], which shares some commonality with z/OS  (Tivoli can accept the -1
without a problem, but it acts like 0).

Thoughts are:


1) LDAP_HAS_ZOS_LDAPSDK isn't an apache define yet. (The Tivoli append adds
a LDAP_HAS_TIVOLI_LDAPSDK to apu-conf.m4, and we would do similar). So if it
shouldn't be put in svn yet skip the top 3 lines and what we're left with
isn't much different than the original hardcoded -1, but at least it puts
some doc in the code about whats going on.

#ifdef LDAP_HAS_ZOS_LDAPSDK
#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
#else
#ifdef LDAP_DEFAULT_LIMIT
#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
#else
#define LDAP_LIMIT_VALUE -1 /* equivalent to LDAP_DEFAULT_LIMIT */
#endif
#endif

2)Or the flipside, assuming everyone else who defines 0 and not -1 wants to
use 0:

#ifdef LDAP_HAS_NOVELL_LDAPSDK
#define LDAP_LIMIT_VALUE -1
#else
#ifdef LDAP_DEFAULT_LIMIT
#define LDAP_LIMIT_VALUE LDAP_DEFAULT_TIME
#else
#ifdef LDAP_NO_LIMIT
#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
#else
#define LDAP_LIMIT_VALUE -1
#endif
#endif
#endif

3) Or maybe moving it and define a APR_LDAP_DEFAULT_SIZELIMIT instead of
keeping it in util_ldap.c

4) Or some complicated(?) conf magic that would involve getting a handle and
then calling ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, -1);  and setting
APR_LDAP_DEFAULT_SIZELIMIT to -1 or 0 accordingly.


On 2/23/07, Brad Nicholes <BNICHOLES@novell.com> wrote:
>
> What LDAP client SDK does z/OS use? (Novell, OpenLDAP, Netscape, Other???)
>
> Brad
>
> >>> On 2/22/2007 at 12:52 PM, in message
> <3ce0569d0702221152h3ffa1121j8a8f5586c6b35c67@mail.gmail.com>, "David
> Jones"
> <oscaremma@gmail.com> wrote:
> > Its the z/OS, has LDAP_NO_SIZELIMIT defined. Does not have nor support
> > LDAP_DEFAULT_SIZELIMIT
> >
> > On 2/22/07, Brad Nicholes <BNICHOLES@novell.com> wrote:
> >>
> >> >>> On 2/22/2007 at 7:12 AM, in message
> >> <3ce0569d0702220612n3750e50blf7a7d570a7a4c883@mail.gmail.com>, "David
> >> Jones"
> >> <oscaremma@gmail.com> wrote:
> >> > How about something alone these lines? It assumes there is nobody
> with
> >> > LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still
> >> supports
> >> > and wishes to use the -1 value.
> >> >
> >> > --- util_ldap.c.defaultlimit    Wed Feb 21 16:08:51 2007
> >> > +++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
> >> > @@ -52,15 +52,9 @@
> >> >  #define LDAP_CA_TYPE_BASE64             2
> >> >  #define LDAP_CA_TYPE_CERT7_DB           3
> >> >
> >> > -#ifdef LDAP_DEFAULT_LIMIT
> >> > -#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
> >> > -#else
> >> > -#ifndef LDAP_NO_LIMIT  /* Have neither LDAP_DEFAULT_LIMIT or
> >> LDAP_NO_LIMIT
> >> > */
> >> > -#define LDAP_LIMIT_VALUE  -1
> >> > -#else                  /* Have LDAP_NO_LIMIT, but not
> >> LDAP_DEFAULT_LIMIT */
> >> > -#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
> >> > -#endif                 /* !LDAP_NO_LIMIT */
> >> > -#endif                 /* LDAP_DEFAULT_LIMIT */
> >> > +#ifndef LDAP_NO_LIMIT
> >> > +#define LDAP_NO_LIMIT -1
> >> > +#endif
> >> >
> >> >  module AP_MODULE_DECLARE_DATA ldap_module;
> >> >
> >> > @@ -680,7 +674,7 @@
> >> >      /* search for reqdn */
> >> >      if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
> >> > LDAP_SCOPE_BASE,
> >> >                                      "(objectclass=*)", NULL, 1,
> >> > -                                    NULL, NULL, NULL,
> LDAP_LIMIT_VALUE,
> >> > &res))
> >> > +                                    NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> >              == LDAP_SERVER_DOWN)
> >> >      {
> >> >          ldc->reason = "DN Comparison ldap_search_ext_s() "
> >> > @@ -958,7 +952,7 @@
> >> >      if ((result = ldap_search_ext_s(ldc->ldap,
> >> >                                      (char *)basedn, scope,
> >> >                                      (char *)filter, attrs, 0,
> >> > -                                    NULL, NULL, NULL,
> LDAP_LIMIT_VALUE,
> >> > &res))
> >> > +                                    NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> >              == LDAP_SERVER_DOWN)
> >> >      {
> >> >          ldc->reason = "ldap_search_ext_s() for user failed with
> server
> >> > down";
> >> > @@ -1198,7 +1192,7 @@
> >> >      if ((result = ldap_search_ext_s(ldc->ldap,
> >> >                                      (char *)basedn, scope,
> >> >                                      (char *)filter, attrs, 0,
> >> > -                                    NULL, NULL, NULL,
> LDAP_LIMIT_VALUE,
> >> > &res))
> >> > +                                    NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> >              == LDAP_SERVER_DOWN)
> >> >      {
> >> >          ldc->reason = "ldap_search_ext_s() for user failed with
> server
> >> > down";
> >> >
> >>
> >> Maybe I missed this before, but what platform or LDAP SDK does this
> fail
> >> on?  The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1)
> and
> >> according to the OpenLDAP source code, it also supports the same
> >> functionality if the value of sizelimit is -1 even though it does not
> >> specifically define LDAP_DEFAULT_SIZELIMIT.  I don't know what the
> Netscape
> >> or Microsoft SDKs support other than the fact that we have been passing
> >> those SDKs the same -1 value without a problem.  I believe that the
> only
> >> reason why we see the hardcoded -1 rather than a #define is simply
> because
> >> not all of the SDKs provide a #define yet they all seems to support the
> >> functionality.  We just need to validate that theory.
> >>
> >> Brad
> >>
> >
>
>
>

Mime
View raw message