[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap] Re: LDAP SDK API question.

Hi Gordon,

Blow are my responses marked >>>

Gordon Good wrote:

> This isn't quite correct. There are two separate things here; (1) client SDK timeouts and (2) server time and size
> limits,  I think you're confusing the two.
> Client SDK timeouts:
> ==============
> When you call ldap_search_st(), which has the following signature:
> int ldap_search_st( LDAP *ld, const char *base, int scope,
>    const char* filter, char **attrs, int attrsonly,
>    struct timeval *timeout, LDAPMessage **res );

> ...the "timeout" parameter tells the SDK how long it should wait for the results of the search operation to come
> back from the server. This parameter is *not* passed to the server. It's meant to allow you to deal with the case
> where a server accepts a request and just never answers.
> If you look at the source, you'll see that ldap_search_st() is just a call to ldap_search() and then a call to
> ldap_result(), passing the "timeout" parameter to ldap_result(). If the timeout expires, ldap_result() will return
> and the SDK will abandon the operation.

>>> This is not correct for Mozilla code. This is correct for OpenLDAP code.

>>> However the OpenLDAP code calls ldap_build_search_req() which in turn includes ld->ld_timelimit
>>> when it sends the request to the server. If this timeout value is smaller than the value
>>> passed to ldap_search_st() the server will timout prematurely.

>>> The Mozilla code calls ldap_search_ext() which calls ldap_build_search_req() however
>>> this version of ldap_build_search_req() has been modified to accept a timeout value which
>>> will override the value in ld->ld_timelimit.

> Server-side size and time limits
> =====================
> You can also indicate to the server that you want it to terminate processing of a search operation if too much
> time passes or too many entries are retrieved. If the size or time limit is exceeded, the server will send the
> You set server-side time and size limits by using the ldap_set_option() call and seting the LDAP_OPT_TIMELIMIT and
> Note that servers may have default size and time limits that cannot be overridden by unprivileged clients. For
> example, the umich-derived servers (including Netscape's) allow unprivileged clients to request a smaller size or
> time limit than the default, but such clients cannot set a larger size or time limit.
> Hope this clears things up. This information should apply to ldap-3.3, OpenLDAP, and Netscape LDAP C SDKs.
> -Gordon
> JR Heisey wrote:
> > The Mozilla code is implemented is implemented both ways. The timeout
> > value is sent to the server thus the server could timeout. The ldap_search_st()
> > calls the ldap_result() function and passes the timeout. ldap_result() will
> > also return when the timeout duration has elapsed.
> >
> > The OpenLDAP seems to rely on the ldap_result() function to perform
> > the timeout. However the as the search is sent to the server the member timelimit
> > var of the LDAP structure is sent. I consider this an incorrect implementation
> > because the timelimit var of the LDAP structure can never be overridden
> > with the timeout value passed to ldap_search_st().
> >
> > Thought I'd cross post the to the OpenLDAP group.
> >
> > JR
> >
> > Ian Bruce wrote:
> >
> > > Does the ldap_search_st() function depend in any way on the server or is it just
> > > a client side timeout mechanism?
> > > --
> > >
> > > Ian Bruce
> > > (630) 713-7387
> > > ianbruce@lucent.com
> > >
> > > ---
> > > You are currently subscribed to ldap@umich.edu as: jr.heisey@mediagate.com
> > > To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the SUBJECT of the message.
> >
> > --
> > -
> > J. R. Heisey
> >
> > ---
> > You are currently subscribed to ldap@umich.edu as: [ggood@netscape.com]
> > To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the SUBJECT of the message.

J. R. Heisey