Full_Name: Christian Fischer Version: 2.4.16 OS: gentoo amd64 URL: Submission from: (NULL) (213.221.82.34)
slapd ignores sizelimit values above 500 and -1 (unlimited)
If sizelimit is set to a value >=0 and <=500 the behavior is as expected, unlimited (-1) and values >500 are ignored.
I've turned on args debugging to see if something is different between 2.4.16 and 2.3.43, which works for me.
Version 2.3.43 op->ors_slimit is set to 0 if do_search() is executed, version 2.4.16 op->ors_slimit is set to 500 (SLAPD_DEFAULT_SIZELIMIT).
That explains the different behavior of limits_check().
With ors_slimit set to SLAPD_DEFAULT_SIZELIMIT it runs into servers/slapd/limits.c:1294 and ors_slimit will only set to ors_limit->lms_s_soft if the value of ors_limit->lms_s_soft is between 1 and SLAPD_DEFAULT_SIZELIMIT -1.
This patch has solved my problem for now, sizelimit statement is working without restrictions.
--- openldap-2.4.16/servers/slapd_orig/limits.c 2009-01-22 01:01:01.000000000 +0100 +++ openldap-2.4.16/servers/slapd/limits.c 2009-06-15 09:27:36.212817654 +0200 @@ -1077,6 +1077,9 @@ return 0; }
+ /* fix sizelimit */ + op->ors_slimit = 0; + /* allow root to set no limit */ if ( be_isroot( op ) ) { op->ors_limit = NULL;
### config snippet ###
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/openssh-lpk.schema include /etc/openldap/schema/radius.schema include /etc/openldap/schema/egr.schema include /etc/openldap/schema/mozillaabpersonalpha.schema include /etc/openldap/schema/dhcp.schema
pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args
TLSCertificateFile /etc/openldap/ssl/ldap.pem TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem TLSCACertificateFile /etc/openldap/ssl/ca.crt TLSVerifyClient never
loglevel none serverID 2 security ssf=256 disallow bind_anon require authc
database bdb suffix "dc=foo,dc=bar" rootdn "cn=Manager,dc=foo,dc=bar" rootpw secret directory /var/lib/openldap-data checkpoint 32 30 sizelimit unlimited
index objectclass,entryCSN,entryUUID eq
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 syncprov-reloadhint TRUE
syncrepl rid=123 provider=ldap://isc01.foo.bar starttls=yes tls_reqcert=never type=refreshAndPersist retry="5 5 60 +" searchbase="dc=foo,dc=bar" scope=sub schemachecking=on bindmethod=simple binddn="cn=syncrepl,ou=dsa,dc=foo,dc=bar" credentials=secret
mirrormode on
### ACL ### # [snip]