[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP 2.1.8 not enforcing sizelimits?



Hi *

All the following was tested with BDB 4.1.24, OpenLDAP 2.1.8 on Solaris 9.
The database type was ldbm but the problems seem to apply to the others
too.

Adding the following line
	limits anonymous size.soft=-1
to slapd.conf set the default limit on the number of returned entries to
'no limit'. Nevertheless I assume that specifying a limit by the client
should be honored by the server but it doesn't. Looking at
	servers/slapd/back-ldbm/search.c:274

        /* if requested limit higher than hard limit, abort */
        } else if ( slimit > limit->lms_s_hard ) {
            /* no hard limit means use soft instead */
            if ( limit->lms_s_hard == 0 && slimit > limit->lms_s_soft ) {
                slimit = limit->lms_s_soft;
                ...

It's obvious what happens as
	slimit = 5		(in my example as passed from the client)
	limit->lms_s_hard	0
	limit->lms_s_soft	-1
the client-spcified soft limit will be set to -1 and therefore ignored. I
suggest to replace the if-construct by one that either ignores values <= 0
or just -1.

As a RFE for the handling I would also suggest to honor
	limits size=none ...
setting the sizelimit to unlimited (-1) instead of 0 as of today caused by
the call to atoi("none").

Another 'problem' arises from having two entries in slapd.conf
	limits anonymous size=-1
	limits anonymous time=100
in this case the timelimit is silently ignored. I know that this spec
doesn't really fit the syntax in the manpage but nevertheless as RFE it
could be accepted or a warning should be issued.

Hope that helps,
Thomas

-----------------------------------------------------------------
PGP fingerprint: B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
Phone:           +49 731 50 22464
FAX:             +49 731 50 22471