Hallvard Breien Furuseth wrote:
On 2013-12-13 08:57, Hallvard Breien Furuseth wrote:
> On 2013-12-13 08:17, Ulrich Windl wrote:
>>>> Howard Chu <hyc(a)symas.com> schrieb am 09.12.2013
>>>> There are no maximum lengths in LDAP. Limits imposed by other
>>> depend on the particular application.
>> Right, but what about typical input buffer lengths in the openLDAP
>> tools (like
> Right... libldap has "#define LDIF_MAXLINE 4096", you must wrap
> longer lines (start each continuation line with a space).
> That doesn't impose a max length of the attribute value though.
More to the point, ldapsearch() & co use getpassphrase() if available,
and a Solaris manpage says it limits input to 257 chars.
The fallback implementation in OpenLDAP liblutil allows 512
including the final \0.
This is not conclusive though. There is no limit on passwords passed on the
commandline, nor on passwords read from a file.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/