Re: 'invalid time limits'

Pierangelo Masarati wrote:
openldap 2.2.15 added a check for "invalid time limit" and "invalid size
limit" in servers/slapd/search.c.  What is the purpose of this limit?
The check has broken one of our production applications.

The protocol allows, as time/size limit, a "maxInt", which,
according to RFC2251, is defined as

    maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --

This test was absent in earlier versions, and was required for a
clean implementation of internal limits because "illegal" values
(i.e. < 0) are now used to identify an internal search, but the
check should be totally transparent to clients, since the values
that are not allowed by the protocol, should not be encoded by
the client library first.  If they are, the library has a bug
(what implementation of libldap is your client using?), which
you should be able to circumvent by explicitly setting a valid

The client is "Cognos," a reporting tool. It uses LDAP to log users in. I guess it's using an illegal value for its size limit.
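An added example, not part of the original messages and not slapd's own code: a range check of the kind described in the quoted reply, which decodes the content octets of a BER INTEGER and accepts a time or size limit only if it lies in 0..maxInt. The function names, status codes and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LDAP_MAXINT 2147483647LL /* maxInt from RFC 2251 */

enum limit_status { LIMIT_OK = 0, LIMIT_MALFORMED = -1, LIMIT_OUT_OF_RANGE = -2 };

/* Constructed sample content octets of a BER INTEGER (tag and length removed). */
static const unsigned char SAMPLE_ZERO[]   = { 0x00 };                         /* 0 */
static const unsigned char SAMPLE_MAXINT[] = { 0x7F, 0xFF, 0xFF, 0xFF };       /* maxInt */
static const unsigned char SAMPLE_NEG1[]   = { 0xFF };                         /* -1 */
static const unsigned char SAMPLE_U32MAX[] = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF }; /* 4294967295 */
static const unsigned char SAMPLE_OVER[]   = { 0x00, 0x80, 0x00, 0x00, 0x00 }; /* maxInt + 1 */

/* Decode big-endian two's complement octets into a 64-bit value. */
static int ber_int_decode(const unsigned char *p, size_t len, int64_t *out)
{
    if (len == 0 || len > 8)
        return -1;
    int64_t v = (p[0] & 0x80) ? -1 : 0;          /* sign-extend from first octet */
    for (size_t i = 0; i < len; i++)
        v = (int64_t)(((uint64_t)v << 8) | p[i]);
    *out = v;
    return 0;
}

/* Hypothetical check: reject limits outside the range the protocol allows. */
enum limit_status check_search_limit(const unsigned char *content, size_t len, int32_t *limit)
{
    int64_t v;
    if (ber_int_decode(content, len, &v) != 0)
        return LIMIT_MALFORMED;
    if (v < 0 || v > LDAP_MAXINT)
        return LIMIT_OUT_OF_RANGE;               /* client encoded an illegal value */
    if (limit)
        *limit = (int32_t)v;
    return LIMIT_OK;
}

int main(void)
{
    printf("0          -> %d\n", check_search_limit(SAMPLE_ZERO, sizeof SAMPLE_ZERO, NULL));
    printf("maxInt     -> %d\n", check_search_limit(SAMPLE_MAXINT, sizeof SAMPLE_MAXINT, NULL));
    printf("-1         -> %d\n", check_search_limit(SAMPLE_NEG1, sizeof SAMPLE_NEG1, NULL));
    printf("4294967295 -> %d\n", check_search_limit(SAMPLE_U32MAX, sizeof SAMPLE_U32MAX, NULL));
    printf("maxInt + 1 -> %d\n", check_search_limit(SAMPLE_OVER, sizeof SAMPLE_OVER, NULL));
    return 0;
}
```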

