[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap] Re: LDAP SDK API question.

To: Gordon Good <ggood@netscape.com>
Subject: Re: [ldap] Re: LDAP SDK API question.
From: JR Heisey <jr.heisey@mediagate.com>
Date: Fri, 26 Mar 1999 17:11:17 -0800
Cc: Ian Bruce <ianbruce@lucent.com>, ldap@umich.edu, openldap-devel@OpenLDAP.org
Organization: MediaGate, Inc.
References: <LYR4632-2365-1998.11.17-07.52.41--kristian#netscape.com@listserver.itd.umich.edu> <LYR8267-2841-1998.11.24-21.53.37--ian#dismay.ih.lucent.com@listserver.itd.umich.edu> <LYR17895-9870-1999.03.26-17.16.46--jr.heisey#mediagate.com@listserver.itd.umich.edu> <LYR7978-9873-1999.03.26-18.01.01--ggood#netscape.com@listserver.itd.umich.edu> <36FC2790.7CBD1836@netscape.com>

Hi Gordon,

Blow are my responses marked >>>

Gordon Good wrote:

> This isn't quite correct. There are two separate things here; (1) client SDK timeouts and (2) server time and size
> limits,  I think you're confusing the two.
>
> Client SDK timeouts:
> ==============
> When you call ldap_search_st(), which has the following signature:
>
> int ldap_search_st( LDAP *ld, const char *base, int scope,
>    const char* filter, char **attrs, int attrsonly,
>    struct timeval *timeout, LDAPMessage **res );

>
> ...the "timeout" parameter tells the SDK how long it should wait for the results of the search operation to come
> back from the server. This parameter is *not* passed to the server. It's meant to allow you to deal with the case
> where a server accepts a request and just never answers.
>
> If you look at the source, you'll see that ldap_search_st() is just a call to ldap_search() and then a call to
> ldap_result(), passing the "timeout" parameter to ldap_result(). If the timeout expires, ldap_result() will return
> and the SDK will abandon the operation.
>

>>> This is not correct for Mozilla code. This is correct for OpenLDAP code.

>>> However the OpenLDAP code calls ldap_build_search_req() which in turn includes ld->ld_timelimit
>>> when it sends the request to the server. If this timeout value is smaller than the value
>>> passed to ldap_search_st() the server will timout prematurely.

>>> The Mozilla code calls ldap_search_ext() which calls ldap_build_search_req() however
>>> this version of ldap_build_search_req() has been modified to accept a timeout value which
>>> will override the value in ld->ld_timelimit.

>
> Server-side size and time limits
> =====================
> You can also indicate to the server that you want it to terminate processing of a search operation if too much
> time passes or too many entries are retrieved. If the size or time limit is exceeded, the server will send the
> result code LDAP_TIMELIMIT_EXCEEDED or LDAP_SIZELIMIT_EXCEEDED as appropriate.
>
> You set server-side time and size limits by using the ldap_set_option() call and seting the LDAP_OPT_TIMELIMIT and
> LDAP_OPT_SIZELIMIT options.
>
> Note that servers may have default size and time limits that cannot be overridden by unprivileged clients. For
> example, the umich-derived servers (including Netscape's) allow unprivileged clients to request a smaller size or
> time limit than the default, but such clients cannot set a larger size or time limit.
>
> Hope this clears things up. This information should apply to ldap-3.3, OpenLDAP, and Netscape LDAP C SDKs.
>
> -Gordon
>
> JR Heisey wrote:
>
> > The Mozilla code is implemented is implemented both ways. The timeout
> > value is sent to the server thus the server could timeout. The ldap_search_st()
> > calls the ldap_result() function and passes the timeout. ldap_result() will
> > also return when the timeout duration has elapsed.
> >
> > The OpenLDAP seems to rely on the ldap_result() function to perform
> > the timeout. However the as the search is sent to the server the member timelimit
> > var of the LDAP structure is sent. I consider this an incorrect implementation
> > because the timelimit var of the LDAP structure can never be overridden
> > with the timeout value passed to ldap_search_st().
> >
> > Thought I'd cross post the to the OpenLDAP group.
> >
> > JR
> >
> > Ian Bruce wrote:
> >
> > > Does the ldap_search_st() function depend in any way on the server or is it just
> > > a client side timeout mechanism?
> > > --
> > >
> > > Ian Bruce
> > > (630) 713-7387
> > > ianbruce@lucent.com
> > >
> > > ---
> > > You are currently subscribed to ldap@umich.edu as: jr.heisey@mediagate.com
> > > To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the SUBJECT of the message.
> >
> > --
> > -
> > J. R. Heisey
> >
> > ---
> > You are currently subscribed to ldap@umich.edu as: [ggood@netscape.com]
> > To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the SUBJECT of the message.

--
-
J. R. Heisey

Follow-Ups:
- Re: [ldap] Re: LDAP SDK API question.
  - From: ggood@netscape.com (Gordon Good)

References:
- Re: [ldap] Re: LDAP SDK API question.
  - From: ggood@netscape.com (Gordon Good)

Prev by Date: Re: [ldap] Re: LDAP SDK API question.
Next by Date: Re: [ldap] Re: LDAP SDK API question.
Index(es):
- Chronological
- Thread