Re: openldap libraries & filters

["Pierangelo Masarati" <ando@sys-net.it>]

> Hi,
>
> Excuse me if this question is not appropriate here, please direct me
> to the right place.
>
> I use openldap release 2.3 and have a problem when doing an
> ldap_search_s call with a filter.
>
> I constructed a filter like (|(cn=xxxx)(cn=yyyy)......(cn=zzzz)) ...
> which works fine ... BUT it only works up to a certain number of
> (cn=xxxx) filter sections. I haven't found out the exact number but
> when I have > 1000 sections the ldap library gives me an "internal
> error" code. (it works for 750 elements which is sofar the biggest
> number I got to work)
>
> Is there some limit on how many results  can be returned  (and parsed
> into memory) and if so how can I enlarge that?

AFAIK, OpenLDAP's slapd/client API don't set any explicit limit on the
size of a filter; there used to be a LDAP_FILT_MAXSIZ macro (defaulting to
1024) which is no longer present (it seems incompatible with your limit,
as 750 OR filters would need at least 2250 chars for (=), not to mention
the attribute type and the value).

However, slapd sets limits on the size of a PDU, i.e. on the size of a
packet it's willing to accept (differentiating between anonymous and
auth'd connections).  See if incresing the sockbuf_max_incoming (for
anonymous) or the sockbuf_max_incoming_auth (for auth'd requests) fixes
your issue; I'm not aware of any similar limitation at the client library
side.

Anyway, I note that your search with > 750 ORed values in the filter is
likely to be very little efficient; are you sure you can't help otherwise?

p.



Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------