[Date Prev][Date Next]
Re: [ldap] Re: LDAP SDK API question.
Blow are my responses marked >>>
Gordon Good wrote:
> This isn't quite correct. There are two separate things here; (1) client SDK timeouts and (2) server time and size
> limits, I think you're confusing the two.
> Client SDK timeouts:
> When you call ldap_search_st(), which has the following signature:
> int ldap_search_st( LDAP *ld, const char *base, int scope,
> const char* filter, char **attrs, int attrsonly,
> struct timeval *timeout, LDAPMessage **res );
> ...the "timeout" parameter tells the SDK how long it should wait for the results of the search operation to come
> back from the server. This parameter is *not* passed to the server. It's meant to allow you to deal with the case
> where a server accepts a request and just never answers.
> If you look at the source, you'll see that ldap_search_st() is just a call to ldap_search() and then a call to
> ldap_result(), passing the "timeout" parameter to ldap_result(). If the timeout expires, ldap_result() will return
> and the SDK will abandon the operation.
>>> This is not correct for Mozilla code. This is correct for OpenLDAP code.
>>> However the OpenLDAP code calls ldap_build_search_req() which in turn includes ld->ld_timelimit
>>> when it sends the request to the server. If this timeout value is smaller than the value
>>> passed to ldap_search_st() the server will timout prematurely.
>>> The Mozilla code calls ldap_search_ext() which calls ldap_build_search_req() however
>>> this version of ldap_build_search_req() has been modified to accept a timeout value which
>>> will override the value in ld->ld_timelimit.
> Server-side size and time limits
> You can also indicate to the server that you want it to terminate processing of a search operation if too much
> time passes or too many entries are retrieved. If the size or time limit is exceeded, the server will send the
> result code LDAP_TIMELIMIT_EXCEEDED or LDAP_SIZELIMIT_EXCEEDED as appropriate.
> You set server-side time and size limits by using the ldap_set_option() call and seting the LDAP_OPT_TIMELIMIT and
> LDAP_OPT_SIZELIMIT options.
> Note that servers may have default size and time limits that cannot be overridden by unprivileged clients. For
> example, the umich-derived servers (including Netscape's) allow unprivileged clients to request a smaller size or
> time limit than the default, but such clients cannot set a larger size or time limit.
> Hope this clears things up. This information should apply to ldap-3.3, OpenLDAP, and Netscape LDAP C SDKs.
> JR Heisey wrote:
> > The Mozilla code is implemented is implemented both ways. The timeout
> > value is sent to the server thus the server could timeout. The ldap_search_st()
> > calls the ldap_result() function and passes the timeout. ldap_result() will
> > also return when the timeout duration has elapsed.
> > The OpenLDAP seems to rely on the ldap_result() function to perform
> > the timeout. However the as the search is sent to the server the member timelimit
> > var of the LDAP structure is sent. I consider this an incorrect implementation
> > because the timelimit var of the LDAP structure can never be overridden
> > with the timeout value passed to ldap_search_st().
> > Thought I'd cross post the to the OpenLDAP group.
> > JR
> > Ian Bruce wrote:
> > > Does the ldap_search_st() function depend in any way on the server or is it just
> > > a client side timeout mechanism?
> > > --
> > >
> > > Ian Bruce
> > > (630) 713-7387
> > > email@example.com
> > >
> > > ---
> > > You are currently subscribed to firstname.lastname@example.org as: email@example.com
> > > To unsubscribe send email to firstname.lastname@example.org with the word UNSUBSCRIBE as the SUBJECT of the message.
> > --
> > -
> > J. R. Heisey
> > ---
> > You are currently subscribed to email@example.com as: [firstname.lastname@example.org]
> > To unsubscribe send email to email@example.com with the word UNSUBSCRIBE as the SUBJECT of the message.
J. R. Heisey