How about something alone these lines? It assumes there is nobody with
LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still supports
and wishes to use the -1 value.
--- util_ldap.c.defaultlimit Wed Feb 21 16:08:51 2007
+++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
@@ -52,15 +52,9 @@
#define LDAP_CA_TYPE_BASE64 2
#define LDAP_CA_TYPE_CERT7_DB 3
-#ifdef LDAP_DEFAULT_LIMIT
-#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
-#else
-#ifndef LDAP_NO_LIMIT /* Have neither LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT
*/
-#define LDAP_LIMIT_VALUE -1
-#else /* Have LDAP_NO_LIMIT, but not LDAP_DEFAULT_LIMIT */
-#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
-#endif /* !LDAP_NO_LIMIT */
-#endif /* LDAP_DEFAULT_LIMIT */
+#ifndef LDAP_NO_LIMIT
+#define LDAP_NO_LIMIT -1
+#endif
module AP_MODULE_DECLARE_DATA ldap_module;
@@ -680,7 +674,7 @@
/* search for reqdn */
if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
LDAP_SCOPE_BASE,
"(objectclass=*)", NULL, 1,
- NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -958,7 +952,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";
@@ -1198,7 +1192,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";
On 2/20/07, Brad Nicholes <[EMAIL PROTECTED]> wrote:
>>> On 2/19/2007 at 9:29 AM, in message
<[EMAIL PROTECTED]>, "Jeff
Trawick"
<[EMAIL PROTECTED]> wrote:
> On 2/15/07, David Jones <[EMAIL PROTECTED]> wrote:
>> Currently util_ldap.c has a hard coded -1 as the search limit value
(meaning
>> infinite/no limit) on ldap_search_ext_s() calls. Some platforms cannot
>> handle the -1, but need a 0. Linux, zoS (and others) have a
LDAP_NO_LIMIT
>> value in ldap.h.
>> Below is a patch, allows those who have LDAP_NO_LIMIT value to take
>> advantage of it, and others to continue using a -1 value.
>
> patch committed to trunk and proposed for backport 2.2.x
> my guess is that -1 is rarely/never the proper value, but that isn't
> so easy to confirm; hopefully the symbol is always available in modern
> SDK level
The values of 0 and -1 have a different meaning at least in the Novell
LDAP SDK. A value of 0 or LDAP_NO_LIMIT specifies that the search truely
has no limit to the number of entries that will be returned. A value of -1
or LDAP_DEFAULT_SIZELIMIT specifies that the search should default to the
session value or the value that was set in the session by
LDAP_OPT_SIZELIMIT. Changing the sizelimit parameter from -1 to
LDAP_NO_LIMIT in the calls to ldap_search_ext_s() removes the ability to
control the size limit through the session options. In fact the patch that
was submitted will cause the ldap_search_ext_s() function to act differently
depending on whether the LDAP SDK has defined LDAP_NO_LIMIT or not.
I can't confirm this because I haven't been able to find it documented for
all SDKs but I would assume that the initial reason for specifying -1 rather
than LDAP_NO_LIMIT or LDAP_DEFAULT_SIZELIMIT is because the intention was to
make the call to ldap_search_ext_s() defer to the size limit specified in
the session. But not all SDKs define LDAP_DEFAULT_SIZELIMIT, therefore -1
was hardcoded. Can those that know the OpenLDAP or Microsoft LDAP SDKs
confirm that those SDKs support a -1 or LDAP_DEFAULT_SIZELIMIT?
In the meantime, the patch should probably be revised to make sure that
all platforms work the same rather than some supporting LDAP_NO_LIMIT and
other supporting LDAP_DEFAULT_SIZELIMIT. The preference should be
LDAP_DEFAULT_SIZELIMIT (-1).
Brad
