[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "invalid size limit" on some searches

To: Jeffrey Goldberg <jeffrey@goldmark.org>
Subject: Re: "invalid size limit" on some searches
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 05 May 2005 12:47:35 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <5B121EE3-3E9D-44E7-AF62-12C14F25A1F5@goldmark.org>
References: <5B121EE3-3E9D-44E7-AF62-12C14F25A1F5@goldmark.org>

At 12:27 PM 5/5/2005, Jeffrey Goldberg wrote:
>As part of an upgrage from Suse 9.0 to Suse 9.3, openldap was upgraded
>to version 2.2.
>
>Everything is fine, except that searches from one particular client  
>(not using openldap) fail, with errors logged as
>
> slapd[10411]: conn=1 op=1 SEARCH RESULT tag=101 err=2 nentries=0
> text=invalid size limit
>
>We've got a back-up server running slapd 2.1 which is still working
>fine with the same client that is failing against the 2.2 system.
>
>Any help in what I should be looking for to further understand the  
>problem and fix it would be most welcome.

The above message indicates that the client sent a malformed
search request PDU, in particular, with a sizelimit value
either less than 0 or greater than 2^31-1.  By enabling
BER logging you can determine the precise value sent on
the wire (if that is useful).

I note that 2.1 (and prior versions) of slapd(8) suffered from a
number of sizelimit (and timelimit) handling bugs.  As part of
fixing those bugs, checks for various related protocol violations
were added in 2.2.

Anyways, as it is the client which is violating the protocol
specification here, you need to take this problem up with those
responsible for maintaining that client.

Kurt

References:
- "invalid size limit" on some searches
  - From: Jeffrey Goldberg <jeffrey@goldmark.org>

Prev by Date: Re: ldapsearch command help
Next by Date: Re: SLAPD_LISTEN increase
Index(es):
- Chronological
- Thread