[Date Prev][Date Next]
Re: [ldap] Re: LDAP SDK API question.
My responses are inline:
JR Heisey wrote:
> Hi Gordon,
> Blow are my responses marked >>>
> Gordon Good wrote:
> > This isn't quite correct. There are two separate things here; (1) client SDK timeouts and (2) server time and size
> > limits, I think you're confusing the two.
> > Client SDK timeouts:
> > ==============
> > When you call ldap_search_st(), which has the following signature:
> > int ldap_search_st( LDAP *ld, const char *base, int scope,
> > const char* filter, char **attrs, int attrsonly,
> > struct timeval *timeout, LDAPMessage **res );
> > ...the "timeout" parameter tells the SDK how long it should wait for the results of the search operation to come
> > back from the server. This parameter is *not* passed to the server. It's meant to allow you to deal with the case
> > where a server accepts a request and just never answers.
> > If you look at the source, you'll see that ldap_search_st() is just a call to ldap_search() and then a call to
> > ldap_result(), passing the "timeout" parameter to ldap_result(). If the timeout expires, ldap_result() will return
> > and the SDK will abandon the operation.
> >>> This is not correct for Mozilla code. This is correct for OpenLDAP code.
I stand corrected. The Mozilla code implements the new draft C API (with one problem I can see). The following is an
excerpt from http://search.ietf.org/internet-drafts/draft-ietf-ldapext-ldap-c-api-02.txt that describes the "timeout"
parameter of the ldap_search_st(), ldap_search_ext(), and ldap_serarch_ext_s() functions.
"timeout For the ldap_search_st() function, this specifies the local search timeout value (if it is NULL, the
timeout is infinite). For the ldap_search_ext() and ldap_search_ext_s() functions, this specifies both the local search
timeout value and the operation time limit that is sent to the server within the search request. For the
ldap_search_ext() and ldap_search_ext_s() functions, passing a NULL value for timeout causes the global default timeout
stored in the LDAP session handle (set by using ldap_set_option() with the LDAP_OPT_TIMELIMIT parameter) to be sent to
the server with the request but an infinite local search timeout to be used."
> >>> However the OpenLDAP code calls ldap_build_search_req() which in turn includes ld->ld_timelimit
> >>> when it sends the request to the server. If this timeout value is smaller than the value
> >>> passed to ldap_search_st() the server will timout prematurely.
> >>> The Mozilla code calls ldap_search_ext() which calls ldap_build_search_req() however
> >>> this version of ldap_build_search_req() has been modified to accept a timeout value which
> >>> will override the value in ld->ld_timelimit.
Correct, and for ldap_search_ext_s(), this behavior is as specified in the C API Internet Draft. However, looking at the
Mozilla code, I see that the ldap_search_st() call is implemented in terms of ldap_search_ext_s(), which means that the
"timeout" parameter sets *both* the local and server-side timeout, which is in violation of the language from the draft.
So, to summarize:
OpenLDAP doesn't yet implement ldap_search_ext() and friends, and "timeout" parameters in the API calls only affect the
local timeout. To set the server-side timeout, you must use ldap_set_option(). This is the same as the original umich
Mozilla code implements ldap_search_ext() and friends, and the "timeout" parameter can affect both the local and
server-side timeouts, as described above, with the caveat that ldap_search_st() isn't treated specially, as called for
in the draft.
Apologies for the error. I guess I'm living a little in the past.