[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: limits on internal searches

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: limits on internal searches
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 19 Jun 2004 10:14:43 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <40D454BF.9090609@sys-net.it>
References: <40D454BF.9090609@sys-net.it>

We need to be careful that a user, by selection of sync search
over a plain search, cannot bypass limits which normally would
apply.

Kurt

At 07:59 AM 6/19/2004, Pierangelo Masarati wrote:
>I've run into a problem with test017 which is currently failing for HEAD
>after I added some consistency checks on the values of search limits.
>I'm about to fix it, but I found out that some syncrepl code is checking
>search limits before running internal searches.  Is it intended?  I mean,
>is there any reason the identity that performs an internal search needs to
>check if any limits are set?  In that case, I strongly suggest any time limits
>are checked, an appropriate value is provided to fields op->ors_tlimit
>and op->ors_slimit.  By protocol, these fields can only have values >= 0,
>so if theey're set to SLAP_NO_LIMIT (= -1) it means they're being used
>in an internal search that requirs no limitations.  Otherwise, please set
>them to 0 (no specific limit required, incurring in soft limits if any)
>or to a positive value (e.g. 1 is used for auth{cz} related internal searches
>because strictly one value is required.
>
>P.
>
>
>
>   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: limits on internal searches
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- limits on internal searches
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: commit: ldap/servers/slapd/back-ldap back-ldap.h bind.c config.c init.c
Next by Date: Re: commit: ldap/tests/scripts test028-idassert conf.sh defines.sh
Index(es):
- Chronological
- Thread