-DSLAPD_MAX_FILTER_DEPTH=xxx - openldap-technical - openldap.org

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

December

-DSLAPD_MAX_FILTER_DEPTH=xxx

warning in SLAPO_PPOLICY(5)...

OpenLDAP as AD Proxy: OpenLDAP...

Michael Ströder

Monday, 22 March 2021 Mon, 22 Mar '21

1:34 p.m.

HI! Looking at comments in ITS#9251 I wonder if and how one should set -DSLAPD_MAX_FILTER_DEPTH= when building OpenLDAP downstream packages. To me the default of 5000 looks way too high. It would be really helpful to have a metric of maximum filter depth sent in by clients in cn=monitor. Ciao, Michael.

Reply

Show replies by date

Howard Chu

Monday, 22 March Mon, 22 Mar

2:01 p.m.

Michael Ströder wrote:

HI! Looking at comments in ITS#9251 I wonder if and how one should set -DSLAPD_MAX_FILTER_DEPTH= when building OpenLDAP downstream packages.

Better to take this in context of ITS#9202 which is the original report.

To me the default of 5000 looks way too high.

Indeed. The only reason to limit this in the first place was to prevent a potential stack overrun, which could occur at a depth of over 38000.

It would be really helpful to have a metric of maximum filter depth sent in by clients in cn=monitor.

For all practical purposes, it doesn't matter what number you choose as long as it's smaller than 38000. Anyway, you'll get an ADMINLIMIT_EXCEEDED error if a client hits the limit, so there's no point worrying about it until then.

Ciao, Michael.

-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Reply

797

days inactive

797

days old

openldap-technical@openldap.org

Manage subscription

1 comments

2 participants

tags (0)

participants (2)

Howard Chu
Michael Ströder