FYI,
I posted a patch to http://issues.apache.org/bugzilla/show_bug.cgi?id=37814

I took the easy route and just added a #if block to util_ldap to set a sizelimit of 2147483647 if the Microsoft LDAP SDK was in use or otherwise -1, and use this sizelimit define in ldap_search_ext_s calls.

Ideally sizelimit could be configurable via a module directive, but since we'll be maintaining our own build with this patch I didn't want to do anything too heavyweight.

Andy


Andy Wang wrote:
I noticed that with OpenLDAP 2.2.x, auth_ldap from Apache on Windows fails. The actual error ends up being an invalid size limit on the OpenLDAP end of things. After doing some research, it looks like the Microsoft SDK defaults the sizelimit to (2^32)-1 (4294967295 or basically an unsigned 32-bit int). OpenLDAP 2.2.x restricts the sizelimit to (2^(32-1)) -1 (2147483647 or a signed 32-bit int).

I have no idea how to report this to Microsoft, as it's the Microsoft SDK that's out of spec. RFC 2251 (http://www.ietf.org/rfc/rfc2251.txt) declares the max of a size limit to be the OpenLDAP value.

As far as I can tell, none of the other LDAP servers care and OpenLDAP 2.1.x didn't care either, but unfortunately, 2.2.x does care.

Anyone else run into this problem and have any ideas or know how to report this to MS? I was thinking of filing an Apache bug/enhancement requesting that Apache be able to pass a size limit to the LDAP query. In theory, you could override this MS SDK problem by explicitly setting the size limit to a proper value, or patch OpenLDAP to ignore it.

Thanks,
Andy
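
Added example, not part of the original thread or of the patch attached to the bug report: a minimal C sketch of how the two size limits discussed above look as a BER INTEGER, and how a receiver that enforces RFC 2251's `sizeLimit INTEGER (0 .. maxInt)` would reject the larger one. The names `LDAP_MAXINT`, `ber_encode_integer`, `sizelimit_decode_checked` and `sizelimit_clamp` are hypothetical and do not come from any LDAP SDK, OpenLDAP or util_ldap.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 2251: maxInt INTEGER ::= 2147483647; sizeLimit INTEGER (0 .. maxInt) */
#define LDAP_MAXINT 2147483647LL

/* BER-encode v as a universal INTEGER (tag 0x02) with minimal content
 * octets. out needs room for 10 bytes. Returns the bytes written. */
size_t ber_encode_integer(int64_t v, unsigned char *out)
{
    unsigned char tmp[8];
    size_t i, n;

    for (i = 0; i < 8; i++)            /* big-endian two's complement */
        tmp[i] = (unsigned char)((uint64_t)v >> (8 * (7 - i)));
    for (i = 0; i < 7; i++) {          /* drop octets that only repeat the sign */
        int next_high = tmp[i + 1] & 0x80;
        if (!((tmp[i] == 0x00 && !next_high) || (tmp[i] == 0xFF && next_high)))
            break;
    }
    n = 8 - i;
    out[0] = 0x02;
    out[1] = (unsigned char)n;
    memcpy(out + 2, tmp + i, n);
    return n + 2;
}

/* Strict receiver: decode an INTEGER and accept it as a sizeLimit only if
 * it lies in 0..maxInt. Returns 0 and stores the value, or -1 to reject. */
int sizelimit_decode_checked(const unsigned char *in, size_t len, int64_t *val)
{
    int64_t v;
    size_t i, n;

    if (len < 3 || in[0] != 0x02) return -1;
    n = in[1];
    if (n < 1 || n > 8 || len != n + 2) return -1;
    v = (in[2] & 0x80) ? -1 : 0;       /* sign-extend from the first octet */
    for (i = 0; i < n; i++)
        v = (int64_t)(((uint64_t)v << 8) | in[2 + i]);
    if (v < 0 || v > LDAP_MAXINT) return -1;
    *val = v;
    return 0;
}

/* Client-side guard: clamp an unsigned 32-bit limit to maxInt before sending. */
int64_t sizelimit_clamp(uint32_t requested)
{
    return requested > LDAP_MAXINT ? LDAP_MAXINT : (int64_t)requested;
}
```

Encoded this way, 4294967295 needs five content octets (`00 FF FF FF FF`) while 2147483647 fits in four (`7F FF FF FF`), so the out-of-range value is visible on the wire before any range check runs.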
