Michael Ströder wrote:
Looking at comments in ITS#9251 I wonder if and how one should set
-DSLAPD_MAX_FILTER_DEPTH= when building OpenLDAP downstream packages.
Better to take this in context of ITS#9202 which is the original report.
To me the default of 5000 looks way too high.
Indeed. The only reason to limit this in the first place was to prevent
a potential stack overrun, which could occur at a depth of over 38000.
It would be really helpful to have a metric of maximum filter depth
in by clients in cn=monitor.
For all practical purposes, it doesn't matter what number you choose as
long as it's smaller than 38000.
Anyway, you'll get an ADMINLIMIT_EXCEEDED error if a client hits the
limit, so there's no point worrying about it until then.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/