Mailing List Archive: Apache: Dev

util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error

Index | Next | Previous | View Threaded

oscaremma at gmail

Feb 15, 2007, 12:02 PM

Post #1 of 15 (2067 views)
Permalink

util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error

Currently util_ldap.c has a hard coded -1 as the search limit value (meaning
infinite/no limit) on ldap_search_ext_s() calls. Some platforms cannot
handle the -1, but need a 0. Linux, zoS (and others) have a LDAP_NO_LIMIT
value in ldap.h.

Below is a patch, allows those who have LDAP_NO_LIMIT value to take
advantage of it, and others to continue using a -1 value.

Index: util_ldap.c
===================================================================
--- util_ldap.c (revision 494665)
+++ util_ldap.c (working copy)
@@ -52,6 +52,9 @@
#define LDAP_CA_TYPE_BASE64 2
#define LDAP_CA_TYPE_CERT7_DB 3

+#ifndef LDAP_NO_LIMIT
+#define LDAP_NO_LIMIT -1
+#endif

module AP_MODULE_DECLARE_DATA ldap_module;

@@ -657,7 +660,7 @@
/* search for reqdn */
if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
LDAP_SCOPE_BASE,
"(objectclass=*)", NULL, 1,
- NULL, NULL, NULL, -1, &res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -935,7 +938,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, -1, &res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";
@@ -1175,7 +1178,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, -1, &res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";

--
David Jones
oscaremma [at] gmail

trawick at gmail

Feb 19, 2007, 8:29 AM

Post #2 of 15 (1963 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

On 2/15/07, David Jones <oscaremma [at] gmail> wrote:
> Currently util_ldap.c has a hard coded -1 as the search limit value (meaning
> infinite/no limit) on ldap_search_ext_s() calls. Some platforms cannot
> handle the -1, but need a 0. Linux, zoS (and others) have a LDAP_NO_LIMIT
> value in ldap.h.
> Below is a patch, allows those who have LDAP_NO_LIMIT value to take
> advantage of it, and others to continue using a -1 value.

patch committed to trunk and proposed for backport 2.2.x
my guess is that -1 is rarely/never the proper value, but that isn't
so easy to confirm; hopefully the symbol is always available in modern
SDK levels

BNICHOLES at novell

Feb 20, 2007, 8:17 AM

Post #3 of 15 (1960 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

>>> On 2/19/2007 at 9:29 AM, in message
<cc67648e0702190829qc3a167evfb7e611fac2acfd4 [at] mail>, "Jeff Trawick"
<trawick [at] gmail> wrote:
> On 2/15/07, David Jones <oscaremma [at] gmail> wrote:
>> Currently util_ldap.c has a hard coded -1 as the search limit value (meaning
>> infinite/no limit) on ldap_search_ext_s() calls. Some platforms cannot
>> handle the -1, but need a 0. Linux, zoS (and others) have a LDAP_NO_LIMIT
>> value in ldap.h.
>> Below is a patch, allows those who have LDAP_NO_LIMIT value to take
>> advantage of it, and others to continue using a -1 value.
>
> patch committed to trunk and proposed for backport 2.2.x
> my guess is that -1 is rarely/never the proper value, but that isn't
> so easy to confirm; hopefully the symbol is always available in modern
> SDK level

The values of 0 and -1 have a different meaning at least in the Novell LDAP SDK. A value of 0 or LDAP_NO_LIMIT specifies that the search truely has no limit to the number of entries that will be returned. A value of -1 or LDAP_DEFAULT_SIZELIMIT specifies that the search should default to the session value or the value that was set in the session by LDAP_OPT_SIZELIMIT. Changing the sizelimit parameter from -1 to LDAP_NO_LIMIT in the calls to ldap_search_ext_s() removes the ability to control the size limit through the session options. In fact the patch that was submitted will cause the ldap_search_ext_s() function to act differently depending on whether the LDAP SDK has defined LDAP_NO_LIMIT or not.

I can't confirm this because I haven't been able to find it documented for all SDKs but I would assume that the initial reason for specifying -1 rather than LDAP_NO_LIMIT or LDAP_DEFAULT_SIZELIMIT is because the intention was to make the call to ldap_search_ext_s() defer to the size limit specified in the session. But not all SDKs define LDAP_DEFAULT_SIZELIMIT, therefore -1 was hardcoded. Can those that know the OpenLDAP or Microsoft LDAP SDKs confirm that those SDKs support a -1 or LDAP_DEFAULT_SIZELIMIT?

In the meantime, the patch should probably be revised to make sure that all platforms work the same rather than some supporting LDAP_NO_LIMIT and other supporting LDAP_DEFAULT_SIZELIMIT. The preference should be LDAP_DEFAULT_SIZELIMIT (-1).

Brad

oscaremma at gmail

Feb 22, 2007, 6:12 AM

Post #4 of 15 (1951 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

How about something alone these lines? It assumes there is nobody with
LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still supports
and wishes to use the -1 value.

--- util_ldap.c.defaultlimit Wed Feb 21 16:08:51 2007
+++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
@@ -52,15 +52,9 @@
#define LDAP_CA_TYPE_BASE64 2
#define LDAP_CA_TYPE_CERT7_DB 3

-#ifdef LDAP_DEFAULT_LIMIT
-#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
-#else
-#ifndef LDAP_NO_LIMIT /* Have neither LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT
*/
-#define LDAP_LIMIT_VALUE -1
-#else /* Have LDAP_NO_LIMIT, but not LDAP_DEFAULT_LIMIT */
-#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
-#endif /* !LDAP_NO_LIMIT */
-#endif /* LDAP_DEFAULT_LIMIT */
+#ifndef LDAP_NO_LIMIT
+#define LDAP_NO_LIMIT -1
+#endif

module AP_MODULE_DECLARE_DATA ldap_module;

@@ -680,7 +674,7 @@
/* search for reqdn */
if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
LDAP_SCOPE_BASE,
"(objectclass=*)", NULL, 1,
- NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -958,7 +952,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";
@@ -1198,7 +1192,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_LIMIT_VALUE,
&res))
+ NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";

On 2/20/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>
> >>> On 2/19/2007 at 9:29 AM, in message
> <cc67648e0702190829qc3a167evfb7e611fac2acfd4 [at] mail>, "Jeff
> Trawick"
> <trawick [at] gmail> wrote:
> > On 2/15/07, David Jones <oscaremma [at] gmail> wrote:
> >> Currently util_ldap.c has a hard coded -1 as the search limit value
> (meaning
> >> infinite/no limit) on ldap_search_ext_s() calls. Some platforms cannot
> >> handle the -1, but need a 0. Linux, zoS (and others) have a
> LDAP_NO_LIMIT
> >> value in ldap.h.
> >> Below is a patch, allows those who have LDAP_NO_LIMIT value to take
> >> advantage of it, and others to continue using a -1 value.
> >
> > patch committed to trunk and proposed for backport 2.2.x
> > my guess is that -1 is rarely/never the proper value, but that isn't
> > so easy to confirm; hopefully the symbol is always available in modern
> > SDK level
>
> The values of 0 and -1 have a different meaning at least in the Novell
> LDAP SDK. A value of 0 or LDAP_NO_LIMIT specifies that the search truely
> has no limit to the number of entries that will be returned. A value of -1
> or LDAP_DEFAULT_SIZELIMIT specifies that the search should default to the
> session value or the value that was set in the session by
> LDAP_OPT_SIZELIMIT. Changing the sizelimit parameter from -1 to
> LDAP_NO_LIMIT in the calls to ldap_search_ext_s() removes the ability to
> control the size limit through the session options. In fact the patch that
> was submitted will cause the ldap_search_ext_s() function to act differently
> depending on whether the LDAP SDK has defined LDAP_NO_LIMIT or not.
>
> I can't confirm this because I haven't been able to find it documented for
> all SDKs but I would assume that the initial reason for specifying -1 rather
> than LDAP_NO_LIMIT or LDAP_DEFAULT_SIZELIMIT is because the intention was to
> make the call to ldap_search_ext_s() defer to the size limit specified in
> the session. But not all SDKs define LDAP_DEFAULT_SIZELIMIT, therefore -1
> was hardcoded. Can those that know the OpenLDAP or Microsoft LDAP SDKs
> confirm that those SDKs support a -1 or LDAP_DEFAULT_SIZELIMIT?
>
> In the meantime, the patch should probably be revised to make sure that
> all platforms work the same rather than some supporting LDAP_NO_LIMIT and
> other supporting LDAP_DEFAULT_SIZELIMIT. The preference should be
> LDAP_DEFAULT_SIZELIMIT (-1).
>
> Brad
>

BNICHOLES at novell

Feb 22, 2007, 8:15 AM

Post #5 of 15 (1952 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

>>> On 2/22/2007 at 7:12 AM, in message
<3ce0569d0702220612n3750e50blf7a7d570a7a4c883 [at] mail>, "David Jones"
<oscaremma [at] gmail> wrote:
> How about something alone these lines? It assumes there is nobody with
> LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still supports
> and wishes to use the -1 value.
>
> --- util_ldap.c.defaultlimit Wed Feb 21 16:08:51 2007
> +++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
> @@ -52,15 +52,9 @@
> #define LDAP_CA_TYPE_BASE64 2
> #define LDAP_CA_TYPE_CERT7_DB 3
>
> -#ifdef LDAP_DEFAULT_LIMIT
> -#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
> -#else
> -#ifndef LDAP_NO_LIMIT /* Have neither LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT
> */
> -#define LDAP_LIMIT_VALUE -1
> -#else /* Have LDAP_NO_LIMIT, but not LDAP_DEFAULT_LIMIT */
> -#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
> -#endif /* !LDAP_NO_LIMIT */
> -#endif /* LDAP_DEFAULT_LIMIT */
> +#ifndef LDAP_NO_LIMIT
> +#define LDAP_NO_LIMIT -1
> +#endif
>
> module AP_MODULE_DECLARE_DATA ldap_module;
>
> @@ -680,7 +674,7 @@
> /* search for reqdn */
> if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
> LDAP_SCOPE_BASE,
> "(objectclass=*)", NULL, 1,
> - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
> &res))
> + NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "DN Comparison ldap_search_ext_s() "
> @@ -958,7 +952,7 @@
> if ((result = ldap_search_ext_s(ldc->ldap,
> (char *)basedn, scope,
> (char *)filter, attrs, 0,
> - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
> &res))
> + NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "ldap_search_ext_s() for user failed with server
> down";
> @@ -1198,7 +1192,7 @@
> if ((result = ldap_search_ext_s(ldc->ldap,
> (char *)basedn, scope,
> (char *)filter, attrs, 0,
> - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
> &res))
> + NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "ldap_search_ext_s() for user failed with server
> down";
>

Maybe I missed this before, but what platform or LDAP SDK does this fail on? The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1) and according to the OpenLDAP source code, it also supports the same functionality if the value of sizelimit is -1 even though it does not specifically define LDAP_DEFAULT_SIZELIMIT. I don't know what the Netscape or Microsoft SDKs support other than the fact that we have been passing those SDKs the same -1 value without a problem. I believe that the only reason why we see the hardcoded -1 rather than a #define is simply because not all of the SDKs provide a #define yet they all seems to support the functionality. We just need to validate that theory.

Brad

oscaremma at gmail

Feb 22, 2007, 11:52 AM

Post #6 of 15 (1949 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

Its the z/OS, has LDAP_NO_SIZELIMIT defined. Does not have nor support
LDAP_DEFAULT_SIZELIMIT

On 2/22/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>
> >>> On 2/22/2007 at 7:12 AM, in message
> <3ce0569d0702220612n3750e50blf7a7d570a7a4c883 [at] mail>, "David
> Jones"
> <oscaremma [at] gmail> wrote:
> > How about something alone these lines? It assumes there is nobody with
> > LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still
> supports
> > and wishes to use the -1 value.
> >
> > --- util_ldap.c.defaultlimit Wed Feb 21 16:08:51 2007
> > +++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
> > @@ -52,15 +52,9 @@
> > #define LDAP_CA_TYPE_BASE64 2
> > #define LDAP_CA_TYPE_CERT7_DB 3
> >
> > -#ifdef LDAP_DEFAULT_LIMIT
> > -#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
> > -#else
> > -#ifndef LDAP_NO_LIMIT /* Have neither LDAP_DEFAULT_LIMIT or
> LDAP_NO_LIMIT
> > */
> > -#define LDAP_LIMIT_VALUE -1
> > -#else /* Have LDAP_NO_LIMIT, but not
> LDAP_DEFAULT_LIMIT */
> > -#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
> > -#endif /* !LDAP_NO_LIMIT */
> > -#endif /* LDAP_DEFAULT_LIMIT */
> > +#ifndef LDAP_NO_LIMIT
> > +#define LDAP_NO_LIMIT -1
> > +#endif
> >
> > module AP_MODULE_DECLARE_DATA ldap_module;
> >
> > @@ -680,7 +674,7 @@
> > /* search for reqdn */
> > if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
> > LDAP_SCOPE_BASE,
> > "(objectclass=*)", NULL, 1,
> > - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
> > &res))
> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> > == LDAP_SERVER_DOWN)
> > {
> > ldc->reason = "DN Comparison ldap_search_ext_s() "
> > @@ -958,7 +952,7 @@
> > if ((result = ldap_search_ext_s(ldc->ldap,
> > (char *)basedn, scope,
> > (char *)filter, attrs, 0,
> > - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
> > &res))
> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> > == LDAP_SERVER_DOWN)
> > {
> > ldc->reason = "ldap_search_ext_s() for user failed with server
> > down";
> > @@ -1198,7 +1192,7 @@
> > if ((result = ldap_search_ext_s(ldc->ldap,
> > (char *)basedn, scope,
> > (char *)filter, attrs, 0,
> > - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
> > &res))
> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> > == LDAP_SERVER_DOWN)
> > {
> > ldc->reason = "ldap_search_ext_s() for user failed with server
> > down";
> >
>
> Maybe I missed this before, but what platform or LDAP SDK does this fail
> on? The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1) and
> according to the OpenLDAP source code, it also supports the same
> functionality if the value of sizelimit is -1 even though it does not
> specifically define LDAP_DEFAULT_SIZELIMIT. I don't know what the Netscape
> or Microsoft SDKs support other than the fact that we have been passing
> those SDKs the same -1 value without a problem. I believe that the only
> reason why we see the hardcoded -1 rather than a #define is simply because
> not all of the SDKs provide a #define yet they all seems to support the
> functionality. We just need to validate that theory.
>
> Brad
>
>

BNICHOLES at novell

Feb 23, 2007, 7:07 AM

Post #7 of 15 (1934 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

What LDAP client SDK does z/OS use? (Novell, OpenLDAP, Netscape, Other???)

Brad

>>> On 2/22/2007 at 12:52 PM, in message
<3ce0569d0702221152h3ffa1121j8a8f5586c6b35c67 [at] mail>, "David Jones"
<oscaremma [at] gmail> wrote:
> Its the z/OS, has LDAP_NO_SIZELIMIT defined. Does not have nor support
> LDAP_DEFAULT_SIZELIMIT
>
> On 2/22/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>>
>> >>> On 2/22/2007 at 7:12 AM, in message
>> <3ce0569d0702220612n3750e50blf7a7d570a7a4c883 [at] mail>, "David
>> Jones"
>> <oscaremma [at] gmail> wrote:
>> > How about something alone these lines? It assumes there is nobody with
>> > LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still
>> supports
>> > and wishes to use the -1 value.
>> >
>> > --- util_ldap.c.defaultlimit Wed Feb 21 16:08:51 2007
>> > +++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
>> > @@ -52,15 +52,9 @@
>> > #define LDAP_CA_TYPE_BASE64 2
>> > #define LDAP_CA_TYPE_CERT7_DB 3
>> >
>> > -#ifdef LDAP_DEFAULT_LIMIT
>> > -#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
>> > -#else
>> > -#ifndef LDAP_NO_LIMIT /* Have neither LDAP_DEFAULT_LIMIT or
>> LDAP_NO_LIMIT
>> > */
>> > -#define LDAP_LIMIT_VALUE -1
>> > -#else /* Have LDAP_NO_LIMIT, but not
>> LDAP_DEFAULT_LIMIT */
>> > -#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
>> > -#endif /* !LDAP_NO_LIMIT */
>> > -#endif /* LDAP_DEFAULT_LIMIT */
>> > +#ifndef LDAP_NO_LIMIT
>> > +#define LDAP_NO_LIMIT -1
>> > +#endif
>> >
>> > module AP_MODULE_DECLARE_DATA ldap_module;
>> >
>> > @@ -680,7 +674,7 @@
>> > /* search for reqdn */
>> > if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
>> > LDAP_SCOPE_BASE,
>> > "(objectclass=*)", NULL, 1,
>> > - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
>> > &res))
>> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> > == LDAP_SERVER_DOWN)
>> > {
>> > ldc->reason = "DN Comparison ldap_search_ext_s() "
>> > @@ -958,7 +952,7 @@
>> > if ((result = ldap_search_ext_s(ldc->ldap,
>> > (char *)basedn, scope,
>> > (char *)filter, attrs, 0,
>> > - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
>> > &res))
>> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> > == LDAP_SERVER_DOWN)
>> > {
>> > ldc->reason = "ldap_search_ext_s() for user failed with server
>> > down";
>> > @@ -1198,7 +1192,7 @@
>> > if ((result = ldap_search_ext_s(ldc->ldap,
>> > (char *)basedn, scope,
>> > (char *)filter, attrs, 0,
>> > - NULL, NULL, NULL, LDAP_LIMIT_VALUE,
>> > &res))
>> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> > == LDAP_SERVER_DOWN)
>> > {
>> > ldc->reason = "ldap_search_ext_s() for user failed with server
>> > down";
>> >
>>
>> Maybe I missed this before, but what platform or LDAP SDK does this fail
>> on? The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1) and
>> according to the OpenLDAP source code, it also supports the same
>> functionality if the value of sizelimit is -1 even though it does not
>> specifically define LDAP_DEFAULT_SIZELIMIT. I don't know what the Netscape
>> or Microsoft SDKs support other than the fact that we have been passing
>> those SDKs the same -1 value without a problem. I believe that the only
>> reason why we see the hardcoded -1 rather than a #define is simply because
>> not all of the SDKs provide a #define yet they all seems to support the
>> functionality. We just need to validate that theory.
>>
>> Brad
>>
>

oscaremma at gmail

Feb 28, 2007, 7:26 AM

Post #8 of 15 (1926 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

Sorry for the delay.
We use our own z/OS specific SDK. There is also a Tivoli SDK , [see Eric
Covener's appends and
http://issues.apache.org/bugzilla/attachment.cgi?id=19394 waiting for
input], which shares some commonality with z/OS (Tivoli can accept the -1
without a problem, but it acts like 0).

Thoughts are:

1) LDAP_HAS_ZOS_LDAPSDK isn't an apache define yet. (The Tivoli append adds
a LDAP_HAS_TIVOLI_LDAPSDK to apu-conf.m4, and we would do similar). So if it
shouldn't be put in svn yet skip the top 3 lines and what we're left with
isn't much different than the original hardcoded -1, but at least it puts
some doc in the code about whats going on.

#ifdef LDAP_HAS_ZOS_LDAPSDK
#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
#else
#ifdef LDAP_DEFAULT_LIMIT
#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
#else
#define LDAP_LIMIT_VALUE -1 /* equivalent to LDAP_DEFAULT_LIMIT */
#endif
#endif

2)Or the flipside, assuming everyone else who defines 0 and not -1 wants to
use 0:

#ifdef LDAP_HAS_NOVELL_LDAPSDK
#define LDAP_LIMIT_VALUE -1
#else
#ifdef LDAP_DEFAULT_LIMIT
#define LDAP_LIMIT_VALUE LDAP_DEFAULT_TIME
#else
#ifdef LDAP_NO_LIMIT
#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
#else
#define LDAP_LIMIT_VALUE -1
#endif
#endif
#endif

3) Or maybe moving it and define a APR_LDAP_DEFAULT_SIZELIMIT instead of
keeping it in util_ldap.c

4) Or some complicated(?) conf magic that would involve getting a handle and
then calling ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, -1); and setting
APR_LDAP_DEFAULT_SIZELIMIT to -1 or 0 accordingly.

On 2/23/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>
> What LDAP client SDK does z/OS use? (Novell, OpenLDAP, Netscape, Other???)
>
> Brad
>
> >>> On 2/22/2007 at 12:52 PM, in message
> <3ce0569d0702221152h3ffa1121j8a8f5586c6b35c67 [at] mail>, "David
> Jones"
> <oscaremma [at] gmail> wrote:
> > Its the z/OS, has LDAP_NO_SIZELIMIT defined. Does not have nor support
> > LDAP_DEFAULT_SIZELIMIT
> >
> > On 2/22/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
> >>
> >> >>> On 2/22/2007 at 7:12 AM, in message
> >> <3ce0569d0702220612n3750e50blf7a7d570a7a4c883 [at] mail>, "David
> >> Jones"
> >> <oscaremma [at] gmail> wrote:
> >> > How about something alone these lines? It assumes there is nobody
> with
> >> > LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still
> >> supports
> >> > and wishes to use the -1 value.
> >> >
> >> > --- util_ldap.c.defaultlimit Wed Feb 21 16:08:51 2007
> >> > +++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
> >> > @@ -52,15 +52,9 @@
> >> > #define LDAP_CA_TYPE_BASE64 2
> >> > #define LDAP_CA_TYPE_CERT7_DB 3
> >> >
> >> > -#ifdef LDAP_DEFAULT_LIMIT
> >> > -#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
> >> > -#else
> >> > -#ifndef LDAP_NO_LIMIT /* Have neither LDAP_DEFAULT_LIMIT or
> >> LDAP_NO_LIMIT
> >> > */
> >> > -#define LDAP_LIMIT_VALUE -1
> >> > -#else /* Have LDAP_NO_LIMIT, but not
> >> LDAP_DEFAULT_LIMIT */
> >> > -#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
> >> > -#endif /* !LDAP_NO_LIMIT */
> >> > -#endif /* LDAP_DEFAULT_LIMIT */
> >> > +#ifndef LDAP_NO_LIMIT
> >> > +#define LDAP_NO_LIMIT -1
> >> > +#endif
> >> >
> >> > module AP_MODULE_DECLARE_DATA ldap_module;
> >> >
> >> > @@ -680,7 +674,7 @@
> >> > /* search for reqdn */
> >> > if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
> >> > LDAP_SCOPE_BASE,
> >> > "(objectclass=*)", NULL, 1,
> >> > - NULL, NULL, NULL,
> LDAP_LIMIT_VALUE,
> >> > &res))
> >> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> > == LDAP_SERVER_DOWN)
> >> > {
> >> > ldc->reason = "DN Comparison ldap_search_ext_s() "
> >> > @@ -958,7 +952,7 @@
> >> > if ((result = ldap_search_ext_s(ldc->ldap,
> >> > (char *)basedn, scope,
> >> > (char *)filter, attrs, 0,
> >> > - NULL, NULL, NULL,
> LDAP_LIMIT_VALUE,
> >> > &res))
> >> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> > == LDAP_SERVER_DOWN)
> >> > {
> >> > ldc->reason = "ldap_search_ext_s() for user failed with
> server
> >> > down";
> >> > @@ -1198,7 +1192,7 @@
> >> > if ((result = ldap_search_ext_s(ldc->ldap,
> >> > (char *)basedn, scope,
> >> > (char *)filter, attrs, 0,
> >> > - NULL, NULL, NULL,
> LDAP_LIMIT_VALUE,
> >> > &res))
> >> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> > == LDAP_SERVER_DOWN)
> >> > {
> >> > ldc->reason = "ldap_search_ext_s() for user failed with
> server
> >> > down";
> >> >
> >>
> >> Maybe I missed this before, but what platform or LDAP SDK does this
> fail
> >> on? The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1)
> and
> >> according to the OpenLDAP source code, it also supports the same
> >> functionality if the value of sizelimit is -1 even though it does not
> >> specifically define LDAP_DEFAULT_SIZELIMIT. I don't know what the
> Netscape
> >> or Microsoft SDKs support other than the fact that we have been passing
> >> those SDKs the same -1 value without a problem. I believe that the
> only
> >> reason why we see the hardcoded -1 rather than a #define is simply
> because
> >> not all of the SDKs provide a #define yet they all seems to support the
> >> functionality. We just need to validate that theory.
> >>
> >> Brad
> >>
> >
>
>
>

BNICHOLES at novell

Feb 28, 2007, 12:31 PM

Post #9 of 15 (1925 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

LDAP SDK differences should really be pushed down into APR-Util. In fact your option #1 would probably be the way to go as long as it was implemented in apr_ldap.h.in and you implemented APR_HAS_ZOS_LDAPSDK that is determined during configure time just like the other SDKs. The #define should also be prefixed with APR_. Unfortunately this creates a version dependancy between HTTPD and APR-Util. This is OK for trunk but a problem for 2.2. The release of APR-Util and HTTPD would have to be coordinated. The fallback is to patch util_ldap.c in some way that doesn't alter the way that the other platforms or SDKs are currently working.

Brad

>>> On 2/28/2007 at 8:26 AM, in message
<3ce0569d0702280726p24d1b536la278b021e0f07aad [at] mail>, "David Jones"
<oscaremma [at] gmail> wrote:
> Sorry for the delay.
> We use our own z/OS specific SDK. There is also a Tivoli SDK , [see Eric
> Covener's appends and
> http://issues.apache.org/bugzilla/attachment.cgi?id=19394 waiting for
> input], which shares some commonality with z/OS (Tivoli can accept the -1
> without a problem, but it acts like 0).
>
> Thoughts are:
>
>
> 1) LDAP_HAS_ZOS_LDAPSDK isn't an apache define yet. (The Tivoli append adds
> a LDAP_HAS_TIVOLI_LDAPSDK to apu-conf.m4, and we would do similar). So if it
> shouldn't be put in svn yet skip the top 3 lines and what we're left with
> isn't much different than the original hardcoded -1, but at least it puts
> some doc in the code about whats going on.
>
> #ifdef LDAP_HAS_ZOS_LDAPSDK
> #define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
> #else
> #ifdef LDAP_DEFAULT_LIMIT
> #define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
> #else
> #define LDAP_LIMIT_VALUE -1 /* equivalent to LDAP_DEFAULT_LIMIT */
> #endif
> #endif
>
> 2)Or the flipside, assuming everyone else who defines 0 and not -1 wants to
> use 0:
>
> #ifdef LDAP_HAS_NOVELL_LDAPSDK
> #define LDAP_LIMIT_VALUE -1
> #else
> #ifdef LDAP_DEFAULT_LIMIT
> #define LDAP_LIMIT_VALUE LDAP_DEFAULT_TIME
> #else
> #ifdef LDAP_NO_LIMIT
> #define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
> #else
> #define LDAP_LIMIT_VALUE -1
> #endif
> #endif
> #endif
>
> 3) Or maybe moving it and define a APR_LDAP_DEFAULT_SIZELIMIT instead of
> keeping it in util_ldap.c
>
> 4) Or some complicated(?) conf magic that would involve getting a handle and
> then calling ldap_set_option(ldap, LDAP_OPT_SIZELIMIT, -1); and setting
> APR_LDAP_DEFAULT_SIZELIMIT to -1 or 0 accordingly.
>
>
> On 2/23/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>>
>> What LDAP client SDK does z/OS use? (Novell, OpenLDAP, Netscape, Other???)
>>
>> Brad
>>
>> >>> On 2/22/2007 at 12:52 PM, in message
>> <3ce0569d0702221152h3ffa1121j8a8f5586c6b35c67 [at] mail>, "David
>> Jones"
>> <oscaremma [at] gmail> wrote:
>> > Its the z/OS, has LDAP_NO_SIZELIMIT defined. Does not have nor support
>> > LDAP_DEFAULT_SIZELIMIT
>> >
>> > On 2/22/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>> >>
>> >> >>> On 2/22/2007 at 7:12 AM, in message
>> >> <3ce0569d0702220612n3750e50blf7a7d570a7a4c883 [at] mail>, "David
>> >> Jones"
>> >> <oscaremma [at] gmail> wrote:
>> >> > How about something alone these lines? It assumes there is nobody
>> with
>> >> > LDAP_DEFAULT_LIMIT undefined AND LDAP_NO_LIMIT defined, but still
>> >> supports
>> >> > and wishes to use the -1 value.
>> >> >
>> >> > --- util_ldap.c.defaultlimit Wed Feb 21 16:08:51 2007
>> >> > +++ util_ldap.c.nolimit Thu Feb 15 12:50:09 2007
>> >> > @@ -52,15 +52,9 @@
>> >> > #define LDAP_CA_TYPE_BASE64 2
>> >> > #define LDAP_CA_TYPE_CERT7_DB 3
>> >> >
>> >> > -#ifdef LDAP_DEFAULT_LIMIT
>> >> > -#define LDAP_LIMIT_VALUE LDAP_DEFAULT_LIMIT
>> >> > -#else
>> >> > -#ifndef LDAP_NO_LIMIT /* Have neither LDAP_DEFAULT_LIMIT or
>> >> LDAP_NO_LIMIT
>> >> > */
>> >> > -#define LDAP_LIMIT_VALUE -1
>> >> > -#else /* Have LDAP_NO_LIMIT, but not
>> >> LDAP_DEFAULT_LIMIT */
>> >> > -#define LDAP_LIMIT_VALUE LDAP_NO_LIMIT
>> >> > -#endif /* !LDAP_NO_LIMIT */
>> >> > -#endif /* LDAP_DEFAULT_LIMIT */
>> >> > +#ifndef LDAP_NO_LIMIT
>> >> > +#define LDAP_NO_LIMIT -1
>> >> > +#endif
>> >> >
>> >> > module AP_MODULE_DECLARE_DATA ldap_module;
>> >> >
>> >> > @@ -680,7 +674,7 @@
>> >> > /* search for reqdn */
>> >> > if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
>> >> > LDAP_SCOPE_BASE,
>> >> > "(objectclass=*)", NULL, 1,
>> >> > - NULL, NULL, NULL,
>> LDAP_LIMIT_VALUE,
>> >> > &res))
>> >> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
>> >> &res))
>> >> > == LDAP_SERVER_DOWN)
>> >> > {
>> >> > ldc->reason = "DN Comparison ldap_search_ext_s() "
>> >> > @@ -958,7 +952,7 @@
>> >> > if ((result = ldap_search_ext_s(ldc->ldap,
>> >> > (char *)basedn, scope,
>> >> > (char *)filter, attrs, 0,
>> >> > - NULL, NULL, NULL,
>> LDAP_LIMIT_VALUE,
>> >> > &res))
>> >> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
>> >> &res))
>> >> > == LDAP_SERVER_DOWN)
>> >> > {
>> >> > ldc->reason = "ldap_search_ext_s() for user failed with
>> server
>> >> > down";
>> >> > @@ -1198,7 +1192,7 @@
>> >> > if ((result = ldap_search_ext_s(ldc->ldap,
>> >> > (char *)basedn, scope,
>> >> > (char *)filter, attrs, 0,
>> >> > - NULL, NULL, NULL,
>> LDAP_LIMIT_VALUE,
>> >> > &res))
>> >> > + NULL, NULL, NULL, LDAP_NO_LIMIT,
>> >> &res))
>> >> > == LDAP_SERVER_DOWN)
>> >> > {
>> >> > ldc->reason = "ldap_search_ext_s() for user failed with
>> server
>> >> > down";
>> >> >
>> >>
>> >> Maybe I missed this before, but what platform or LDAP SDK does this
>> fail
>> >> on? The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1)
>> and
>> >> according to the OpenLDAP source code, it also supports the same
>> >> functionality if the value of sizelimit is -1 even though it does not
>> >> specifically define LDAP_DEFAULT_SIZELIMIT. I don't know what the
>> Netscape
>> >> or Microsoft SDKs support other than the fact that we have been passing
>> >> those SDKs the same -1 value without a problem. I believe that the
>> only
>> >> reason why we see the hardcoded -1 rather than a #define is simply
>> because
>> >> not all of the SDKs provide a #define yet they all seems to support the
>> >> functionality. We just need to validate that theory.
>> >>
>> >> Brad
>> >>
>> >
>>
>>
>

oscaremma at gmail

Mar 1, 2007, 6:07 PM

Post #10 of 15 (1921 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

How about:
changes to apr_ldap.h.in:
#define APR_HAS_ZOS_LDAPSDK @apu_has_ldap_zos@

#if APR_LDAP_HAS_ZOS_LDAPSDK
#define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
#else
#ifdef LDAP_DEFAULT_LIMIT
#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
#else
#define APR_LDAP_SIZELIMIT -1 /* equivalent to LDAP_DEFAULT_LIMIT */
#endif
#endif

This part of the util_ldap.c patch at the bottom could allow util_ldap.c to
compile regardless of apr-util level, but would not typically commit it?
+#ifndef APR_LDAP_SIZELIMIT
+#define APR_LDAP_SIZELIMIT -1
#endif

Or could add info to apu-conf.m4 for each SDK, eliminating the need for the
ZOS specific #if (would just need #define APR_LDAP_SIZELIMIT
@apu_ldap_sizelimit)
(If get any input from other SDKs then could replace its -1 with
LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT as i did for z/OS)

Index: apu-conf.m4
===================================================================
RCS file: /m0xa/cvs/phoenix/2.2.4/srclib/apr-util/build/apu-conf.m4,v
retrieving revision 1.2
diff -u -d -b -r1.2 apu-conf.m4
--- apu-conf.m4 12 Feb 2007 18:19:20 -0000 1.2
+++ apu-conf.m4 1 Mar 2007 20:07:26 -0000

@@ -267,10 +273,13 @@
apu_has_ldap_sslinit="0"
apu_has_ldapssl_install_routines="0"
apu_has_ldap_openldap="0"
+apu_has_ldap_sizelimit="0"
@@ -354,42 +363,57 @@
AC_EGREP_CPP([OpenLDAP], [$lber_h
$ldap_h
LDAP_VENDOR_NAME], [apu_has_ldap_openldap="1"
+ apu_ldap_sizelimit="-1"
apr_cv_ldap_toolkit="OpenLDAP"])
fi
if test "x$apr_cv_ldap_toolkit" = "x"; then
AC_EGREP_CPP([Sun Microsystems Inc.], [$lber_h
$ldap_h
LDAP_VENDOR_NAME], [apu_has_ldap_solaris="1"
+ apu_ldap_sizelimit="-1"
apr_cv_ldap_toolkit="Solaris"])
fi
if test "x$apr_cv_ldap_toolkit" = "x"; then
AC_EGREP_CPP([Novell], [$lber_h
$ldap_h
LDAP_VENDOR_NAME], [apu_has_ldap_novell="1"
+ apu_ldap_sizelimit="-1"
apr_cv_ldap_toolkit="Novell"])
fi
if test "x$apr_cv_ldap_toolkit" = "x"; then
AC_EGREP_CPP([Microsoft Corporation.], [$lber_h
$ldap_h
LDAP_VENDOR_NAME], [apu_has_ldap_microsoft="1"
+ apu_ldap_sizelimit="-1"

apr_cv_ldap_toolkit="Microsoft"])
fi
if test "x$apr_cv_ldap_toolkit" = "x"; then
AC_EGREP_CPP([Netscape Communications Corp.], [$lber_h
$ldap_h
LDAP_VENDOR_NAME], [apu_has_ldap_netscape="1"
+ apu_ldap_sizelimit="-1"
apr_cv_ldap_toolkit="Netscape"])
fi
if test "x$apr_cv_ldap_toolkit" = "x"; then
AC_EGREP_CPP([mozilla.org], [$lber_h
$ldap_h
LDAP_VENDOR_NAME], [apu_has_ldap_mozilla="1"
+ apu_ldap_sizelimit="-1"
apr_cv_ldap_toolkit="Mozilla"])
fi
if test "x$apr_cv_ldap_toolkit" = "x"; then
+ AC_EGREP_CPP([IBM], [$lber_h
+ $ldap_h
+ LDAP_VENDOR_NAME], [apu_has_ldap_zos="1"
+
apu_ldap_sizelimit="LDAP_NO_LIMIT"
+ apr_cv_ldap_toolkit="ZOS"])
+ fi
+ if test "x$apr_cv_ldap_toolkit" = "x"; then
apu_has_ldap_other="1"
+ apu_ldap_sizelimit="-1"
apr_cv_ldap_toolkit="unknown"
fi
+
])
fi

@@ -398,15 +422,20 @@
LIBS=$save_libs
])

+AC_SUBST(apu_ldap_sizelimit)
AC_SUBST(ldap_h)
AC_SUBST(lber_h)
AC_SUBST(ldap_ssl_h)

@@ -415,6 +444,7 @@
AC_SUBST(apu_has_ldap_microsoft)
AC_SUBST(apu_has_ldap_netscape)
AC_SUBST(apu_has_ldap_mozilla)
+AC_SUBST(apu_has_ldap_zos)
AC_SUBST(apu_has_ldap_other)

])

And finally this same either way except for the question on #ifndef
APR_LDAP_SIZELIMIT
Index: util_ldap.c
===================================================================
RCS file: /m0xa/cvs/phoenix/2.2.4/modules/ldap/util_ldap.c,v
retrieving revision 1.3
diff -u -d -b -r1.3 util_ldap.c
--- util_ldap.c 15 Feb 2007 18:55:41 -0000 1.3
+++ util_ldap.c 1 Mar 2007 20:19:39 -0000
@@ -45,15 +45,8 @@
#include "unixd.h"
#endif

-#ifndef LDAP_NO_LIMIT
-#define LDAP_NO_LIMIT -1
+#ifndef APR_LDAP_SIZELIMIT
+#define APR_LDAP_SIZELIMIT -1
#endif

module AP_MODULE_DECLARE_DATA ldap_module;
@@ -681,7 +681,7 @@
/* search for reqdn */
if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
LDAP_SCOPE_BASE,
"(objectclass=*)", NULL, 1,
- NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+ NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -960,13 +961,14 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+ NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";

@@ -1200,14 +1202,14 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+ NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";

BNICHOLES at novell

Mar 2, 2007, 12:03 PM

Post #11 of 15 (1906 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

Looks good, I think I like your first suggestion better, putting the #ifdef in apr_ldap.h.in. This seems a little more straight forward rather than hiding the value in configure.

Brad

>>> On 3/1/2007 at 7:07 PM, in message
<3ce0569d0703011807g15dcba1eq20bb20c57df6774b [at] mail>, "David Jones"
<oscaremma [at] gmail> wrote:
> How about:
> changes to apr_ldap.h.in:
> #define APR_HAS_ZOS_LDAPSDK @apu_has_ldap_zos@
>
> #if APR_LDAP_HAS_ZOS_LDAPSDK
> #define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
> #else
> #ifdef LDAP_DEFAULT_LIMIT
> #define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
> #else
> #define APR_LDAP_SIZELIMIT -1 /* equivalent to LDAP_DEFAULT_LIMIT */
> #endif
> #endif
>
>
> This part of the util_ldap.c patch at the bottom could allow util_ldap.c to
> compile regardless of apr-util level, but would not typically commit it?
> +#ifndef APR_LDAP_SIZELIMIT
> +#define APR_LDAP_SIZELIMIT -1
> #endif
>
>
>
> Or could add info to apu-conf.m4 for each SDK, eliminating the need for the
> ZOS specific #if (would just need #define APR_LDAP_SIZELIMIT
> @apu_ldap_sizelimit)
> (If get any input from other SDKs then could replace its -1 with
> LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT as i did for z/OS)
>
> Index: apu-conf.m4
> ===================================================================
> RCS file: /m0xa/cvs/phoenix/2.2.4/srclib/apr-util/build/apu-conf.m4,v
> retrieving revision 1.2
> diff -u -d -b -r1.2 apu-conf.m4
> --- apu-conf.m4 12 Feb 2007 18:19:20 -0000 1.2
> +++ apu-conf.m4 1 Mar 2007 20:07:26 -0000
>
> @@ -267,10 +273,13 @@
> apu_has_ldap_sslinit="0"
> apu_has_ldapssl_install_routines="0"
> apu_has_ldap_openldap="0"
> +apu_has_ldap_sizelimit="0"
> @@ -354,42 +363,57 @@
> AC_EGREP_CPP([OpenLDAP], [$lber_h
> $ldap_h
> LDAP_VENDOR_NAME], [apu_has_ldap_openldap="1"
> + apu_ldap_sizelimit="-1"
> apr_cv_ldap_toolkit="OpenLDAP"])
> fi
> if test "x$apr_cv_ldap_toolkit" = "x"; then
> AC_EGREP_CPP([Sun Microsystems Inc.], [$lber_h
> $ldap_h
> LDAP_VENDOR_NAME], [apu_has_ldap_solaris="1"
> + apu_ldap_sizelimit="-1"
> apr_cv_ldap_toolkit="Solaris"])
> fi
> if test "x$apr_cv_ldap_toolkit" = "x"; then
> AC_EGREP_CPP([Novell], [$lber_h
> $ldap_h
> LDAP_VENDOR_NAME], [apu_has_ldap_novell="1"
> + apu_ldap_sizelimit="-1"
> apr_cv_ldap_toolkit="Novell"])
> fi
> if test "x$apr_cv_ldap_toolkit" = "x"; then
> AC_EGREP_CPP([Microsoft Corporation.], [$lber_h
> $ldap_h
> LDAP_VENDOR_NAME], [apu_has_ldap_microsoft="1"
> + apu_ldap_sizelimit="-1"
>
> apr_cv_ldap_toolkit="Microsoft"])
> fi
> if test "x$apr_cv_ldap_toolkit" = "x"; then
> AC_EGREP_CPP([Netscape Communications Corp.], [$lber_h
> $ldap_h
> LDAP_VENDOR_NAME], [apu_has_ldap_netscape="1"
> + apu_ldap_sizelimit="-1"
> apr_cv_ldap_toolkit="Netscape"])
> fi
> if test "x$apr_cv_ldap_toolkit" = "x"; then
> AC_EGREP_CPP([mozilla.org], [$lber_h
> $ldap_h
> LDAP_VENDOR_NAME], [apu_has_ldap_mozilla="1"
> + apu_ldap_sizelimit="-1"
> apr_cv_ldap_toolkit="Mozilla"])
> fi
> if test "x$apr_cv_ldap_toolkit" = "x"; then
> + AC_EGREP_CPP([IBM], [$lber_h
> + $ldap_h
> + LDAP_VENDOR_NAME], [apu_has_ldap_zos="1"
> +
> apu_ldap_sizelimit="LDAP_NO_LIMIT"
> + apr_cv_ldap_toolkit="ZOS"])
> + fi
> + if test "x$apr_cv_ldap_toolkit" = "x"; then
> apu_has_ldap_other="1"
> + apu_ldap_sizelimit="-1"
> apr_cv_ldap_toolkit="unknown"
> fi
> +
> ])
> fi
>
> @@ -398,15 +422,20 @@
> LIBS=$save_libs
> ])
>
> +AC_SUBST(apu_ldap_sizelimit)
> AC_SUBST(ldap_h)
> AC_SUBST(lber_h)
> AC_SUBST(ldap_ssl_h)
>
> @@ -415,6 +444,7 @@
> AC_SUBST(apu_has_ldap_microsoft)
> AC_SUBST(apu_has_ldap_netscape)
> AC_SUBST(apu_has_ldap_mozilla)
> +AC_SUBST(apu_has_ldap_zos)
> AC_SUBST(apu_has_ldap_other)
>
> ])
>
>
>
>
> And finally this same either way except for the question on #ifndef
> APR_LDAP_SIZELIMIT
> Index: util_ldap.c
> ===================================================================
> RCS file: /m0xa/cvs/phoenix/2.2.4/modules/ldap/util_ldap.c,v
> retrieving revision 1.3
> diff -u -d -b -r1.3 util_ldap.c
> --- util_ldap.c 15 Feb 2007 18:55:41 -0000 1.3
> +++ util_ldap.c 1 Mar 2007 20:19:39 -0000
> @@ -45,15 +45,8 @@
> #include "unixd.h"
> #endif
>
> -#ifndef LDAP_NO_LIMIT
> -#define LDAP_NO_LIMIT -1
> +#ifndef APR_LDAP_SIZELIMIT
> +#define APR_LDAP_SIZELIMIT -1
> #endif
>
> module AP_MODULE_DECLARE_DATA ldap_module;
> @@ -681,7 +681,7 @@
> /* search for reqdn */
> if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
> LDAP_SCOPE_BASE,
> "(objectclass=*)", NULL, 1,
> - NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
> &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "DN Comparison ldap_search_ext_s() "
> @@ -960,13 +961,14 @@
> if ((result = ldap_search_ext_s(ldc->ldap,
> (char *)basedn, scope,
> (char *)filter, attrs, 0,
> - NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
> &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "ldap_search_ext_s() for user failed with server
> down";
>
> @@ -1200,14 +1202,14 @@
> if ((result = ldap_search_ext_s(ldc->ldap,
> (char *)basedn, scope,
> (char *)filter, attrs, 0,
> - NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
> &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "ldap_search_ext_s() for user failed with server
> down"

oscaremma at gmail

Mar 7, 2007, 7:36 AM

Post #12 of 15 (1893 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

Patch to commit if no further comments.
Note that it does not have the ZOS define yet, and does not synch apr-util
with httpd.
to avoid synch problems i could add to util_ldap:
#ifndef APR_LDAP_SIZELIMIT
#define APR_LDAP_SIZELIMIT -1
#endif

Index: modules/ldap/util_ldap.c
==============================
>
> =====================================
> --- modules/ldap/util_ldap.c (revision 510991)
> +++ modules/ldap/util_ldap.c (working copy)
> @@ -52,9 +52,6 @@
> #define LDAP_CA_TYPE_BASE64 2
> #define LDAP_CA_TYPE_CERT7_DB 3
>
> -#ifndef LDAP_NO_LIMIT
> -#define LDAP_NO_LIMIT -1
> -#endif
>
> module AP_MODULE_DECLARE_DATA ldap_module;
>
> @@ -660,7 +657,7 @@
> /* search for reqdn */
> if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
> LDAP_SCOPE_BASE,
> "(objectclass=*)", NULL, 1,
> - NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
> &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "DN Comparison ldap_search_ext_s() "
> @@ -938,7 +935,7 @@
> if ((result = ldap_search_ext_s(ldc->ldap,
> (char *)basedn, scope,
> (char *)filter, attrs, 0,
> - NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
> &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "ldap_search_ext_s() for user failed with server
> down";
> @@ -1178,7 +1175,7 @@
> if ((result = ldap_search_ext_s(ldc->ldap,
> (char *)basedn, scope,
> (char *)filter, attrs, 0,
> - NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
> &res))
> == LDAP_SERVER_DOWN)
> {
> ldc->reason = "ldap_search_ext_s() for user failed with server
> down";
> Index: apr-util/include/apr_ldap.h.in
> ===================================================================
> --- apr-util/include/apr_ldap.h.in (revision 515593)
> +++ apr-util/include/apr_ldap.h.in (working copy)
> @@ -93,6 +93,15 @@
> #define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
> #endif
>
> +/*
> + * For ldap function calls that input a size limit on the number of
> returned entries.
> + * Some SDKs do not have the define for LDAP_DEFAULT_LIMIT (-1) or
> LDAP_NO_LIMIT (0)
> + */
> +#ifdef LDAP_DEFAULT_LIMIT
> +#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
> +#else
> +#define APR_LDAP_SIZELIMIT -1 /* equivalent to LDAP_DEFAULT_LIMIT */
> +#endif
>
> /* Note: Macros defining const casting has been removed in APR v1.0,
> * pending real support for LDAP v2.0 toolkits.

On 3/2/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>
> Looks good, I think I like your first suggestion better, putting the
> #ifdef in apr_ldap.h.in. This seems a little more straight forward rather
> than hiding the value in configure.
>
> Brad
>
> >>> On 3/1/2007 at 7:07 PM, in message
> <3ce0569d0703011807g15dcba1eq20bb20c57df6774b [at] mail>, "David
> Jones"
> <oscaremma [at] gmail> wrote:
> > How about:
> > changes to apr_ldap.h.in:
> > #define APR_HAS_ZOS_LDAPSDK @apu_has_ldap_zos@
> >
> > #if APR_LDAP_HAS_ZOS_LDAPSDK
> > #define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
> > #else
> > #ifdef LDAP_DEFAULT_LIMIT
> > #define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
> > #else
> > #define APR_LDAP_SIZELIMIT -1 /* equivalent to LDAP_DEFAULT_LIMIT */
> > #endif
> > #endif
> >
> >
> > This part of the util_ldap.c patch at the bottom could allow
> util_ldap.c to
> > compile regardless of apr-util level, but would not typically commit it?
> > +#ifndef APR_LDAP_SIZELIMIT
> > +#define APR_LDAP_SIZELIMIT -1
> > #endif
> >
> >
> >
> > Or could add info to apu-conf.m4 for each SDK, eliminating the need for
> the
> > ZOS specific #if (would just need #define APR_LDAP_SIZELIMIT
> > @apu_ldap_sizelimit)
> > (If get any input from other SDKs then could replace its -1 with
> > LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT as i did for z/OS)
> >
> > Index: apu-conf.m4
> > ===================================================================
> > RCS file: /m0xa/cvs/phoenix/2.2.4/srclib/apr-util/build/apu-conf.m4,v
> > retrieving revision 1.2
> > diff -u -d -b -r1.2 apu-conf.m4
> > --- apu-conf.m4 12 Feb 2007 18:19:20 -0000 1.2
> > +++ apu-conf.m4 1 Mar 2007 20:07:26 -0000
> >
> > @@ -267,10 +273,13 @@
> > apu_has_ldap_sslinit="0"
> > apu_has_ldapssl_install_routines="0"
> > apu_has_ldap_openldap="0"
> > +apu_has_ldap_sizelimit="0"
> > @@ -354,42 +363,57 @@
> > AC_EGREP_CPP([OpenLDAP], [$lber_h
> > $ldap_h
> > LDAP_VENDOR_NAME], [apu_has_ldap_openldap="1"
> > + apu_ldap_sizelimit="-1"
> >
> apr_cv_ldap_toolkit="OpenLDAP"])
> > fi
> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> > AC_EGREP_CPP([Sun Microsystems Inc.], [$lber_h
> > $ldap_h
> > LDAP_VENDOR_NAME], [apu_has_ldap_solaris="1"
> > + apu_ldap_sizelimit="-1"
> >
> apr_cv_ldap_toolkit="Solaris"])
> > fi
> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> > AC_EGREP_CPP([Novell], [$lber_h
> > $ldap_h
> > LDAP_VENDOR_NAME], [apu_has_ldap_novell="1"
> > + apu_ldap_sizelimit="-1"
> >
> apr_cv_ldap_toolkit="Novell"])
> > fi
> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> > AC_EGREP_CPP([Microsoft Corporation.], [$lber_h
> > $ldap_h
> > LDAP_VENDOR_NAME], [apu_has_ldap_microsoft="1"
> > + apu_ldap_sizelimit="-1"
> >
> > apr_cv_ldap_toolkit="Microsoft"])
> > fi
> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> > AC_EGREP_CPP([Netscape Communications Corp.], [$lber_h
> > $ldap_h
> > LDAP_VENDOR_NAME], [apu_has_ldap_netscape="1"
> > + apu_ldap_sizelimit="-1"
> >
> apr_cv_ldap_toolkit="Netscape"])
> > fi
> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> > AC_EGREP_CPP([mozilla.org], [$lber_h
> > $ldap_h
> > LDAP_VENDOR_NAME], [apu_has_ldap_mozilla="1"
> > + apu_ldap_sizelimit="-1"
> >
> apr_cv_ldap_toolkit="Mozilla"])
> > fi
> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> > + AC_EGREP_CPP([IBM], [$lber_h
> > + $ldap_h
> > + LDAP_VENDOR_NAME], [.apu_has_ldap_zos="1"
> > +
> > apu_ldap_sizelimit="LDAP_NO_LIMIT"
> > + apr_cv_ldap_toolkit="ZOS"])
> > + fi
> > + if test "x$apr_cv_ldap_toolkit" = "x"; then
> > apu_has_ldap_other="1"
> > + apu_ldap_sizelimit="-1"
> > apr_cv_ldap_toolkit="unknown"
> > fi
> > +
> > ])
> > fi
> >
> > @@ -398,15 +422,20 @@
> > LIBS=$save_libs
> > ])
> >
> > +AC_SUBST(apu_ldap_sizelimit)
> > AC_SUBST(ldap_h)
> > AC_SUBST(lber_h)
> > AC_SUBST(ldap_ssl_h)
> >
> > @@ -415,6 +444,7 @@
> > AC_SUBST(apu_has_ldap_microsoft)
> > AC_SUBST(apu_has_ldap_netscape)
> > AC_SUBST(apu_has_ldap_mozilla)
> > +AC_SUBST(apu_has_ldap_zos)
> > AC_SUBST(apu_has_ldap_other)
> >
> > ])
> >
> >
> >
> >
> > And finally this same either way except for the question on #ifndef
> > APR_LDAP_SIZELIMIT
> > Index: util_ldap.c
> > ===================================================================
> > RCS file: /m0xa/cvs/phoenix/2.2.4/modules/ldap/util_ldap.c,v
> > retrieving revision 1.3
> > diff -u -d -b -r1.3 util_ldap.c
> > --- util_ldap.c 15 Feb 2007 18:55:41 -0000 1.3
> > +++ util_ldap.c 1 Mar 2007 20:19:39 -0000
> > @@ -45,15 +45,8 @@
> > #include "unixd.h"
> > #endif
> >
> > -#ifndef LDAP_NO_LIMIT
> > -#define LDAP_NO_LIMIT -1
> > +#ifndef APR_LDAP_SIZELIMIT
> > +#define APR_LDAP_SIZELIMIT -1
> > #endif
> >
> > module AP_MODULE_DECLARE_DATA ldap_module;
> > @@ -681,7 +681,7 @@
> > /* search for reqdn */
> > if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
> > LDAP_SCOPE_BASE,
> > "(objectclass=*)", NULL, 1,
> > - NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> > + NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> > &res))
> > == LDAP_SERVER_DOWN)
> > {
> > ldc->reason = "DN Comparison ldap_search_ext_s() "
> > @@ -960,13 +961,14 @@
> > if ((result = ldap_search_ext_s(ldc->ldap,
> > (char *)basedn, scope,
> > (char *)filter, attrs, 0,
> > - NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> > + NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> > &res))
> > == LDAP_SERVER_DOWN)
> > {
> > ldc->reason = "ldap_search_ext_s() for user failed with server
> > down";
> >
> > @@ -1200,14 +1202,14 @@
> > if ((result = ldap_search_ext_s(ldc->ldap,
> > (char *)basedn, scope,
> > (char *)filter, attrs, 0,
> > - NULL, NULL, NULL, LDAP_NO_LIMIT,
> &res))
> > + NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> > &res))
> > == LDAP_SERVER_DOWN)
> > {
> > ldc->reason = "ldap_search_ext_s() for user failed with server
> > down"
>
>
>

bnicholes at novell

Mar 8, 2007, 9:10 AM

Post #13 of 15 (1887 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

Please submit a complete patch against trunk for the apr-util code that includes the ZOS define. This should include the makefile magic that defines APR_HAS_ZOS_LDAPSDK as well. Also include a patch for util_ldap.c that will define APR_LDAP_SIZELIMIT if the version of apr-util does not include the #define.

Brad

>>> On Wed, Mar 7, 2007 at 8:36 AM, in message
<3ce0569d0703070736h2a221c2ese79fdadab5ef400c [at] mail>, "David Jones"
<oscaremma [at] gmail> wrote:
> Patch to commit if no further comments.
> Note that it does not have the ZOS define yet, and does not synch apr- util
> with httpd.
> to avoid synch problems i could add to util_ldap:
> #ifndef APR_LDAP_SIZELIMIT
> #define APR_LDAP_SIZELIMIT - 1
> #endif
>
>
>
> Index: modules/ldap/util_ldap.c
> ==============================
>>
>> =====================================
>> --- modules/ldap/util_ldap.c (revision 510991)
>> +++ modules/ldap/util_ldap.c (working copy)
>> @@ - 52,9 +52,6 @@
>> #define LDAP_CA_TYPE_BASE64 2
>> #define LDAP_CA_TYPE_CERT7_DB 3
>>
>> - #ifndef LDAP_NO_LIMIT
>> - #define LDAP_NO_LIMIT - 1
>> - #endif
>>
>> module AP_MODULE_DECLARE_DATA ldap_module;
>>
>> @@ - 660,7 +657,7 @@
>> /* search for reqdn */
>> if ((result = ldap_search_ext_s(ldc- >ldap, (char *)reqdn,
>> LDAP_SCOPE_BASE,
>> "(objectclass=*)", NULL, 1,
>> - NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
>> &res))
>> == LDAP_SERVER_DOWN)
>> {
>> ldc- >reason = "DN Comparison ldap_search_ext_s() "
>> @@ - 938,7 +935,7 @@
>> if ((result = ldap_search_ext_s(ldc- >ldap,
>> (char *)basedn, scope,
>> (char *)filter, attrs, 0,
>> - NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
>> &res))
>> == LDAP_SERVER_DOWN)
>> {
>> ldc- >reason = "ldap_search_ext_s() for user failed with server
>> down";
>> @@ - 1178,7 +1175,7 @@
>> if ((result = ldap_search_ext_s(ldc- >ldap,
>> (char *)basedn, scope,
>> (char *)filter, attrs, 0,
>> - NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> + NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
>> &res))
>> == LDAP_SERVER_DOWN)
>> {
>> ldc- >reason = "ldap_search_ext_s() for user failed with server
>> down";
>> Index: apr- util/include/apr_ldap.h.in
>> ===================================================================
>> --- apr- util/include/apr_ldap.h.in (revision 515593)
>> +++ apr- util/include/apr_ldap.h.in (working copy)
>> @@ - 93,6 +93,15 @@
>> #define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
>> #endif
>>
>> +/*
>> + * For ldap function calls that input a size limit on the number of
>> returned entries.
>> + * Some SDKs do not have the define for LDAP_DEFAULT_LIMIT (- 1) or
>> LDAP_NO_LIMIT (0)
>> + */
>> +#ifdef LDAP_DEFAULT_LIMIT
>> +#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
>> +#else
>> +#define APR_LDAP_SIZELIMIT - 1 /* equivalent to LDAP_DEFAULT_LIMIT */
>> +#endif
>>
>> /* Note: Macros defining const casting has been removed in APR v1.0,
>> * pending real support for LDAP v2.0 toolkits.
>
>
>
> On 3/2/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
>>
>> Looks good, I think I like your first suggestion better, putting the
>> #ifdef in apr_ldap.h.in. This seems a little more straight forward rather
>> than hiding the value in configure.
>>
>> Brad
>>
>> >>> On 3/1/2007 at 7:07 PM, in message
>> <3ce0569d0703011807g15dcba1eq20bb20c57df6774b [at] mail>, "David
>> Jones"
>> <oscaremma [at] gmail> wrote:
>> > How about:
>> > changes to apr_ldap.h.in:
>> > #define APR_HAS_ZOS_LDAPSDK @apu_has_ldap_zos@
>> >
>> > #if APR_LDAP_HAS_ZOS_LDAPSDK
>> > #define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
>> > #else
>> > #ifdef LDAP_DEFAULT_LIMIT
>> > #define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
>> > #else
>> > #define APR_LDAP_SIZELIMIT - 1 /* equivalent to LDAP_DEFAULT_LIMIT */
>> > #endif
>> > #endif
>> >
>> >
>> > This part of the util_ldap.c patch at the bottom could allow
>> util_ldap.c to
>> > compile regardless of apr- util level, but would not typically commit it?
>> > +#ifndef APR_LDAP_SIZELIMIT
>> > +#define APR_LDAP_SIZELIMIT - 1
>> > #endif
>> >
>> >
>> >
>> > Or could add info to apu- conf.m4 for each SDK, eliminating the need for
>> the
>> > ZOS specific #if (would just need #define APR_LDAP_SIZELIMIT
>> > @apu_ldap_sizelimit)
>> > (If get any input from other SDKs then could replace its - 1 with
>> > LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT as i did for z/OS)
>> >
>> > Index: apu- conf.m4
>> > ===================================================================
>> > RCS file: /m0xa/cvs/phoenix/2.2.4/srclib/apr- util/build/apu- conf.m4,v
>> > retrieving revision 1.2
>> > diff - u - d - b - r1.2 apu- conf.m4
>> > --- apu- conf.m4 12 Feb 2007 18:19:20 - 0000 1.2
>> > +++ apu- conf.m4 1 Mar 2007 20:07:26 - 0000
>> >
>> > @@ - 267,10 +273,13 @@
>> > apu_has_ldap_sslinit="0"
>> > apu_has_ldapssl_install_routines="0"
>> > apu_has_ldap_openldap="0"
>> > +apu_has_ldap_sizelimit="0"
>> > @@ - 354,42 +363,57 @@
>> > AC_EGREP_CPP([OpenLDAP], [$lber_h
>> > $ldap_h
>> > LDAP_VENDOR_NAME], [apu_has_ldap_openldap="1"
>> > + apu_ldap_sizelimit="- 1"
>> >
>> apr_cv_ldap_toolkit="OpenLDAP"])
>> > fi
>> > if test "x$apr_cv_ldap_toolkit" = "x"; then
>> > AC_EGREP_CPP([Sun Microsystems Inc.], [$lber_h
>> > $ldap_h
>> > LDAP_VENDOR_NAME], [apu_has_ldap_solaris="1"
>> > + apu_ldap_sizelimit="- 1"
>> >
>> apr_cv_ldap_toolkit="Solaris"])
>> > fi
>> > if test "x$apr_cv_ldap_toolkit" = "x"; then
>> > AC_EGREP_CPP([Novell], [$lber_h
>> > $ldap_h
>> > LDAP_VENDOR_NAME], [apu_has_ldap_novell="1"
>> > + apu_ldap_sizelimit="- 1"
>> >
>> apr_cv_ldap_toolkit="Novell"])
>> > fi
>> > if test "x$apr_cv_ldap_toolkit" = "x"; then
>> > AC_EGREP_CPP([Microsoft Corporation.], [$lber_h
>> > $ldap_h
>> > LDAP_VENDOR_NAME], [.apu_has_ldap_microsoft="1"
>> > + apu_ldap_sizelimit="- 1"
>> >
>> > apr_cv_ldap_toolkit="Microsoft"])
>> > fi
>> > if test "x$apr_cv_ldap_toolkit" = "x"; then
>> > AC_EGREP_CPP([Netscape Communications Corp.], [$lber_h
>> > $ldap_h
>> > LDAP_VENDOR_NAME], [apu_has_ldap_netscape="1"
>> > + apu_ldap_sizelimit="- 1"
>> >
>> apr_cv_ldap_toolkit="Netscape"])
>> > fi
>> > if test "x$apr_cv_ldap_toolkit" = "x"; then
>> > AC_EGREP_CPP([mozilla.org], [$lber_h
>> > $ldap_h
>> > LDAP_VENDOR_NAME], [apu_has_ldap_mozilla="1"
>> > + apu_ldap_sizelimit="- 1"
>> >
>> apr_cv_ldap_toolkit="Mozilla"])
>> > fi
>> > if test "x$apr_cv_ldap_toolkit" = "x"; then
>> > + AC_EGREP_CPP([IBM], [$lber_h
>> > + $ldap_h
>> > + LDAP_VENDOR_NAME], [.apu_has_ldap_zos="1"
>> > +
>> > apu_ldap_sizelimit="LDAP_NO_LIMIT"
>> > + apr_cv_ldap_toolkit="ZOS"])
>> > + fi
>> > + if test "x$apr_cv_ldap_toolkit" = "x"; then
>> > apu_has_ldap_other="1"
>> > + apu_ldap_sizelimit="- 1"
>> > apr_cv_ldap_toolkit="unknown"
>> > fi
>> > +
>> > ])
>> > fi
>> >
>> > @@ - 398,15 +422,20 @@
>> > LIBS=$save_libs
>> > ])
>> >
>> > +AC_SUBST(apu_ldap_sizelimit)
>> > AC_SUBST(ldap_h)
>> > AC_SUBST(lber_h)
>> > AC_SUBST(ldap_ssl_h)
>> >
>> > @@ - 415,6 +444,7 @@
>> > AC_SUBST(apu_has_ldap_microsoft)
>> > AC_SUBST(apu_has_ldap_netscape)
>> > AC_SUBST(apu_has_ldap_mozilla)
>> > +AC_SUBST(apu_has_ldap_zos)
>> > AC_SUBST(apu_has_ldap_other)
>> >
>> > ])
>> >
>> >
>> >
>> >
>> > And finally this same either way except for the question on #ifndef
>> > APR_LDAP_SIZELIMIT
>> > Index: util_ldap.c
>> > ===================================================================
>> > RCS file: /m0xa/cvs/phoenix/2.2.4/modules/ldap/util_ldap.c,v
>> > retrieving revision 1.3
>> > diff - u - d - b - r1.3 util_ldap.c
>> > --- util_ldap.c 15 Feb 2007 18:55:41 - 0000 1.3
>> > +++ util_ldap.c 1 Mar 2007 20:19:39 - 0000
>> > @@ - 45,15 +45,8 @@
>> > #include "unixd.h"
>> > #endif
>> >
>> > - #ifndef LDAP_NO_LIMIT
>> > - #define LDAP_NO_LIMIT - 1
>> > +#ifndef APR_LDAP_SIZELIMIT
>> > +#define APR_LDAP_SIZELIMIT - 1
>> > #endif
>> >
>> > module AP_MODULE_DECLARE_DATA ldap_module;
>> > @@ - 681,7 +681,7 @@
>> > /* search for reqdn */
>> > if ((result = ldap_search_ext_s(ldc- >ldap, (char *)reqdn,
>> > LDAP_SCOPE_BASE,
>> > "(objectclass=*)", NULL, 1,
>> > - NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> > + NULL, NULL, NULL,
>> APR_LDAP_SIZELIMIT,
>> > &res))
>> > == LDAP_SERVER_DOWN)
>> > {
>> > ldc- >reason = "DN Comparison ldap_search_ext_s() "
>> > @@ - 960,13 +961,14 @@
>> > if ((result = ldap_search_ext_s(ldc- >ldap,
>> > (char *)basedn, scope,
>> > (char *)filter, attrs, 0,
>> > - NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> > + NULL, NULL, NULL,
>> APR_LDAP_SIZELIMIT,
>> > &res))
>> > == LDAP_SERVER_DOWN)
>> > {
>> > ldc- >reason = "ldap_search_ext_s() for user failed with server
>> > down";
>> >
>> > @@ - 1200,14 +1202,14 @@
>> > if ((result = ldap_search_ext_s(ldc- >ldap,
>> > (char *)basedn, scope,
>> > (char *)filter, attrs, 0,
>> > - NULL, NULL, NULL, LDAP_NO_LIMIT,
>> &res))
>> > + NULL, NULL, NULL,
>> APR_LDAP_SIZELIMIT,
>> > &res))
>> > == LDAP_SERVER_DOWN)
>> > {
>> > ldc- >reason = "ldap_search_ext_s() for user failed with server
>> > down"
>>
>>
>>

oscaremma at gmail

Mar 12, 2007, 12:47 PM

Post #14 of 15 (1857 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

Here is the full patch.

Note there are 2 missing defines for z/OS that are added to apr_ldap.h.in.
As there is some intersection with the IBM Tivoli hits from Eric Covener's
Jan 11th post in the m4 file, I have
restricted the grep of ldap.h for the IBM string to only if host=os390.
Tivoli does set the LDAP_VENDOR_NAME, but z/OS
does not. As I'm checking the entire header not just the vendor name define
I want to make sure I don't find the string unintentionally.

Index: apr-util/build/apu-conf.m4
===================================================================
--- apr-util/build/apu-conf.m4 (revision 516457)
+++ apr-util/build/apu-conf.m4 (working copy)
@@ -219,6 +219,7 @@
apu_has_ldap_microsoft="0"
apu_has_ldap_netscape="0"
apu_has_ldap_mozilla="0"
+apu_has_ldap_zos="0"
apu_has_ldap_other="0"

AC_ARG_WITH(ldap-include,[ --with-ldap-include=path path to ldap include
files with trailing slash])
@@ -320,6 +321,15 @@
apr_cv_ldap_toolkit="Mozilla"])
fi
if test "x$apr_cv_ldap_toolkit" = "x"; then
+ case "$host" in
+ *-ibm-os390)
+ AC_EGREP_CPP([IBM], [$lber_h
+ $ldap_h], [apu_has_ldap_zos="1"
+ apr_cv_ldap_toolkit="zOS"])
+ ;;
+ esac
+ fi
+ if test "x$apr_cv_ldap_toolkit" = "x"; then
apu_has_ldap_other="1"
apr_cv_ldap_toolkit="unknown"
fi
@@ -348,6 +358,7 @@
AC_SUBST(apu_has_ldap_microsoft)
AC_SUBST(apu_has_ldap_netscape)
AC_SUBST(apu_has_ldap_mozilla)
+AC_SUBST(apu_has_ldap_zos)
AC_SUBST(apu_has_ldap_other)

])

Index: apr-util/include/apr_ldap.h.in
===================================================================
--- apr-util/include/apr_ldap.h.in (revision 516557)
+++ apr-util/include/apr_ldap.h.in (working copy)
@@ -40,6 +40,7 @@
#define APR_HAS_MOZILLA_LDAPSDK @apu_has_ldap_mozilla@
#define APR_HAS_OPENLDAP_LDAPSDK @apu_has_ldap_openldap@
#define APR_HAS_MICROSOFT_LDAPSDK @apu_has_ldap_microsoft@
+#define APR_HAS_ZOS_LDAPSDK @apu_has_ldap_zos@
#define APR_HAS_OTHER_LDAPSDK @apu_has_ldap_other@

@@ -93,7 +94,30 @@
#define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
#endif

+/*
+ * For ldap function calls that input a size limit on the number of
returned elements
+ * Some SDKs do not have the define for LDAP_DEFAULT_LIMIT (-1) or
LDAP_NO_LIMIT (0)
+ */
+#if APR_HAS_ZOS_LDAPSDK
+#define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
+#else
+#ifdef LDAP_DEFAULT_LIMIT
+#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
+#else
+#define APR_LDAP_SIZELIMIT -1 /* equivalent to LDAP_DEFAULT_LIMIT */
+#endif
+#endif

+/*
+ * z/OS is missing some defines
+ */
+#ifndef LDAP_VERSION_MAX
+#define LDAP_VERSION_MAX LDAP_VERSION
+#endif
+#ifdef APR_HAS_ZOS_LDAPSDK
+#define LDAP_VENDOR_NAME "IBM z/OS"
+#endif
+
/* Note: Macros defining const casting has been removed in APR v1.0,
* pending real support for LDAP v2.0 toolkits.
*
Index: modules/ldap/util_ldap.c
===================================================================
--- modules/ldap/util_ldap.c (revision 510991)
+++ modules/ldap/util_ldap.c (working copy)
@@ -52,8 +52,11 @@
#define LDAP_CA_TYPE_BASE64 2
#define LDAP_CA_TYPE_CERT7_DB 3

-#ifndef LDAP_NO_LIMIT
-#define LDAP_NO_LIMIT -1
+/* Default define for ldap functions that need a SIZELIMIT but
+ * do not have the define
+ */
+#ifndef APR_LDAP_SIZELIMIT
+#define APR_LDAP_SIZELIMIT -1
#endif

module AP_MODULE_DECLARE_DATA ldap_module;
@@ -660,7 +663,7 @@
/* search for reqdn */
if ((result = ldap_search_ext_s(ldc->ldap, (char *)reqdn,
LDAP_SCOPE_BASE,
"(objectclass=*)", NULL, 1,
- NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+ NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "DN Comparison ldap_search_ext_s() "
@@ -938,7 +941,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+ NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";
@@ -1178,7 +1181,7 @@
if ((result = ldap_search_ext_s(ldc->ldap,
(char *)basedn, scope,
(char *)filter, attrs, 0,
- NULL, NULL, NULL, LDAP_NO_LIMIT, &res))
+ NULL, NULL, NULL, APR_LDAP_SIZELIMIT,
&res))
== LDAP_SERVER_DOWN)
{
ldc->reason = "ldap_search_ext_s() for user failed with server
down";

On 3/8/07, Brad Nicholes <bnicholes [at] novell> wrote:
>
> Please submit a complete patch against trunk for the apr-util code that
> includes the ZOS define. This should include the makefile magic that
> defines APR_HAS_ZOS_LDAPSDK as well. Also include a patch for util_ldap.c
> that will define APR_LDAP_SIZELIMIT if the version of apr-util does not
> include the #define.
>
> Brad
>
> >>> On Wed, Mar 7, 2007 at 8:36 AM, in message
> <3ce0569d0703070736h2a221c2ese79fdadab5ef400c [at] mail>, "David
> Jones"
> <oscaremma [at] gmail> wrote:
> > Patch to commit if no further comments.
> > Note that it does not have the ZOS define yet, and does not synch apr-
> util
> > with httpd.
> > to avoid synch problems i could add to util_ldap:
> > #ifndef APR_LDAP_SIZELIMIT
> > #define APR_LDAP_SIZELIMIT - 1
> > #endif
> >
> >
> >
> > Index: modules/ldap/util_ldap.c
> > ==============================
> >>
> >> =====================================
> >> --- modules/ldap/util_ldap.c (revision 510991)
> >> +++ modules/ldap/util_ldap.c (working copy)
> >> @@ - 52,9 +52,6 @@
> >> #define LDAP_CA_TYPE_BASE64 2
> >> #define LDAP_CA_TYPE_CERT7_DB 3
> >>
> >> - #ifndef LDAP_NO_LIMIT
> >> - #define LDAP_NO_LIMIT - 1
> >> - #endif
> >>
> >> module AP_MODULE_DECLARE_DATA ldap_module;
> >>
> >> @@ - 660,7 +657,7 @@
> >> /* search for reqdn */
> >> if ((result = ldap_search_ext_s(ldc- >ldap, (char *)reqdn,
> >> LDAP_SCOPE_BASE,
> >> "(objectclass=*)", NULL, 1,
> >> - NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> + NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> >> &res))
> >> == LDAP_SERVER_DOWN)
> >> {
> >> ldc- >reason = "DN Comparison ldap_search_ext_s() "
> >> @@ - 938,7 +935,7 @@
> >> if ((result = ldap_search_ext_s(ldc- >ldap,
> >> (char *)basedn, scope,
> >> (char *)filter, attrs, 0,
> >> - NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> + NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> >> &res))
> >> == LDAP_SERVER_DOWN)
> >> {
> >> ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> down";
> >> @@ - 1178,7 +1175,7 @@
> >> if ((result = ldap_search_ext_s(ldc- >ldap,
> >> (char *)basedn, scope,
> >> (char *)filter, attrs, 0,
> >> - NULL, NULL, NULL, LDAP_NO_LIMIT,
> >> &res))
> >> + NULL, NULL, NULL,
> APR_LDAP_SIZELIMIT,
> >> &res))
> >> == LDAP_SERVER_DOWN)
> >> {
> >> ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> down";
> >> Index: apr- util/include/apr_ldap.h.in
> >> ===================================================================
> >> --- apr- util/include/apr_ldap.h.in (revision 515593)
> >> +++ apr- util/include/apr_ldap.h.in (working copy)
> >> @@ - 93,6 +93,15 @@
> >> #define LDAPS_PORT 636 /* ldaps:/// default LDAP over TLS port */
> >> #endif
> >>
> >> +/*
> >> + * For ldap function calls that input a size limit on the number of
> >> returned entries.
> >> + * Some SDKs do not have the define for LDAP_DEFAULT_LIMIT (- 1) or
> >> LDAP_NO_LIMIT (0)
> >> + */
> >> +#ifdef LDAP_DEFAULT_LIMIT
> >> +#define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
> >> +#else
> >> +#define APR_LDAP_SIZELIMIT - 1 /* equivalent to LDAP_DEFAULT_LIMIT */
> >> +#endif
> >>
> >> /* Note: Macros defining const casting has been removed in APR v1.0,
> >> * pending real support for LDAP v2.0 toolkits.
> >
> >
> >
> > On 3/2/07, Brad Nicholes <BNICHOLES [at] novell> wrote:
> >>
> >> Looks good, I think I like your first suggestion better, putting the
> >> #ifdef in apr_ldap.h.in. This seems a little more straight forward
> rather
> >> than hiding the value in configure.
> >>
> >> Brad
> >>
> >> >>> On 3/1/2007 at 7:07 PM, in message
> >> <3ce0569d0703011807g15dcba1eq20bb20c57df6774b [at] mail>, "David
> >> Jones"
> >> <oscaremma [at] gmail> wrote:
> >> > How about:
> >> > changes to apr_ldap.h.in:
> >> > #define APR_HAS_ZOS_LDAPSDK @apu_has_ldap_zos@
> >> >
> >> > #if APR_LDAP_HAS_ZOS_LDAPSDK
> >> > #define APR_LDAP_SIZELIMIT LDAP_NO_LIMIT
> >> > #else
> >> > #ifdef LDAP_DEFAULT_LIMIT
> >> > #define APR_LDAP_SIZELIMIT LDAP_DEFAULT_LIMIT
> >> > #else
> >> > #define APR_LDAP_SIZELIMIT - 1 /* equivalent to LDAP_DEFAULT_LIMIT */
> >> > #endif
> >> > #endif
> >> >
> >> >
> >> > This part of the util_ldap.c patch at the bottom could allow
> >> util_ldap.c to
> >> > compile regardless of apr- util level, but would not typically commit
> it?
> >> > +#ifndef APR_LDAP_SIZELIMIT
> >> > +#define APR_LDAP_SIZELIMIT - 1
> >> > #endif
> >> >
> >> >
> >> >
> >> > Or could add info to apu- conf.m4 for each SDK, eliminating the need
> for
> >> the
> >> > ZOS specific #if (would just need #define APR_LDAP_SIZELIMIT
> >> > @apu_ldap_sizelimit)
> >> > (If get any input from other SDKs then could replace its - 1 with
> >> > LDAP_DEFAULT_LIMIT or LDAP_NO_LIMIT as i did for z/OS)
> >> >
> >> > Index: apu- conf.m4
> >> > ===================================================================
> >> > RCS file: /m0xa/cvs/phoenix/2.2.4/srclib/apr- util/build/apu- conf.m4
> ,v
> >> > retrieving revision 1.2
> >> > diff - u - d - b - r1.2 apu- conf.m4
> >> > --- apu- conf.m4 12 Feb 2007 18:19:20 - 0000 1.2
> >> > +++ apu- conf.m4 1 Mar 2007 20:07:26 - 0000
> >> >
> >> > @@ - 267,10 +273,13 @@
> >> > apu_has_ldap_sslinit="0"
> >> > apu_has_ldapssl_install_routines="0"
> >> > apu_has_ldap_openldap="0"
> >> > +apu_has_ldap_sizelimit="0"
> >> > @@ - 354,42 +363,57 @@
> >> > AC_EGREP_CPP([OpenLDAP], [$lber_h
> >> > $ldap_h
> >> > LDAP_VENDOR_NAME], [.apu_has_ldap_openldap="1"
> >> > + apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="OpenLDAP"])
> >> > fi
> >> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > AC_EGREP_CPP([Sun Microsystems Inc.], [$lber_h
> >> > $ldap_h
> >> > LDAP_VENDOR_NAME], [.apu_has_ldap_solaris="1"
> >> > + apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Solaris"])
> >> > fi
> >> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > AC_EGREP_CPP([Novell], [$lber_h
> >> > $ldap_h
> >> > LDAP_VENDOR_NAME], [.apu_has_ldap_novell="1"
> >> > + apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Novell"])
> >> > fi
> >> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > AC_EGREP_CPP([Microsoft Corporation.], [$lber_h
> >> > $ldap_h
> >> > LDAP_VENDOR_NAME],
> [apu_has_ldap_microsoft="1"
> >> > + apu_ldap_sizelimit="- 1"
> >> >
> >> > apr_cv_ldap_toolkit="Microsoft"])
> >> > fi
> >> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > AC_EGREP_CPP([Netscape Communications Corp.], [$lber_h
> >> > $ldap_h
> >> > LDAP_VENDOR_NAME], [.apu_has_ldap_netscape="1"
> >> > + apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Netscape"])
> >> > fi
> >> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > AC_EGREP_CPP([mozilla.org], [$lber_h
> >> > $ldap_h
> >> > LDAP_VENDOR_NAME], [.apu_has_ldap_mozilla="1"
> >> > + apu_ldap_sizelimit="- 1"
> >> >
> >> apr_cv_ldap_toolkit="Mozilla"])
> >> > fi
> >> > if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > + AC_EGREP_CPP([IBM], [.$lber_h
> >> > + $ldap_h
> >> > + LDAP_VENDOR_NAME], [.apu_has_ldap_zos="1"
> >> > +
> >> > apu_ldap_sizelimit="LDAP_NO_LIMIT"
> >> > +
> apr_cv_ldap_toolkit="ZOS"])
> >> > + fi
> >> > + if test "x$apr_cv_ldap_toolkit" = "x"; then
> >> > apu_has_ldap_other="1"
> >> > + apu_ldap_sizelimit="- 1"
> >> > apr_cv_ldap_toolkit="unknown"
> >> > fi
> >> > +
> >> > ])
> >> > fi
> >> >
> >> > @@ - 398,15 +422,20 @@
> >> > LIBS=$save_libs
> >> > ])
> >> >
> >> > +AC_SUBST(apu_ldap_sizelimit)
> >> > AC_SUBST(ldap_h)
> >> > AC_SUBST(lber_h)
> >> > AC_SUBST(ldap_ssl_h)
> >> >
> >> > @@ - 415,6 +444,7 @@
> >> > AC_SUBST(apu_has_ldap_microsoft)
> >> > AC_SUBST(apu_has_ldap_netscape)
> >> > AC_SUBST(apu_has_ldap_mozilla)
> >> > +AC_SUBST(apu_has_ldap_zos)
> >> > AC_SUBST(apu_has_ldap_other)
> >> >
> >> > ])
> >> >
> >> >
> >> >
> >> >
> >> > And finally this same either way except for the question on #ifndef
> >> > APR_LDAP_SIZELIMIT
> >> > Index: util_ldap.c
> >> > ===================================================================
> >> > RCS file: /m0xa/cvs/phoenix/2.2.4/modules/ldap/util_ldap.c,v
> >> > retrieving revision 1.3
> >> > diff - u - d - b - r1.3 util_ldap.c
> >> > --- util_ldap.c 15 Feb 2007 18:55:41 - 0000 1.3
> >> > +++ util_ldap.c 1 Mar 2007 20:19:39 - 0000
> >> > @@ - 45,15 +45,8 @@
> >> > #include "unixd.h"
> >> > #endif
> >> >
> >> > - #ifndef LDAP_NO_LIMIT
> >> > - #define LDAP_NO_LIMIT - 1
> >> > +#ifndef APR_LDAP_SIZELIMIT
> >> > +#define APR_LDAP_SIZELIMIT - 1
> >> > #endif
> >> >
> >> > module AP_MODULE_DECLARE_DATA ldap_module;
> >> > @@ - 681,7 +681,7 @@
> >> > /* search for reqdn */
> >> > if ((result = ldap_search_ext_s(ldc- >ldap, (char *)reqdn,
> >> > LDAP_SCOPE_BASE,
> >> > "(objectclass=*)", NULL, 1,
> >> > - NULL, NULL, NULL,
> LDAP_NO_LIMIT,
> >> &res))
> >> > + NULL, NULL, NULL,
> >> APR_LDAP_SIZELIMIT,
> >> > &res))
> >> > == LDAP_SERVER_DOWN)
> >> > {
> >> > ldc- >reason = "DN Comparison ldap_search_ext_s() "
> >> > @@ - 960,13 +961,14 @@
> >> > if ((result = ldap_search_ext_s(ldc- >ldap,
> >> > (char *)basedn, scope,
> >> > (char *)filter, attrs, 0,
> >> > - NULL, NULL, NULL,
> LDAP_NO_LIMIT,
> >> &res))
> >> > + NULL, NULL, NULL,
> >> APR_LDAP_SIZELIMIT,
> >> > &res))
> >> > == LDAP_SERVER_DOWN)
> >> > {
> >> > ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> > down";
> >> >
> >> > @@ - 1200,14 +1202,14 @@
> >> > if ((result = ldap_search_ext_s(ldc- >ldap,
> >> > (char *)basedn, scope,
> >> > (char *)filter, attrs, 0,
> >> > - NULL, NULL, NULL,
> LDAP_NO_LIMIT,
> >> &res))
> >> > + NULL, NULL, NULL,
> >> APR_LDAP_SIZELIMIT,
> >> > &res))
> >> > == LDAP_SERVER_DOWN)
> >> > {
> >> > ldc- >reason = "ldap_search_ext_s() for user failed with
> server
> >> > down"
> >>
> >>
> >>
>
>
>

awang at ptc

Mar 12, 2007, 3:03 PM

Post #15 of 15 (1848 views)
Permalink

Re: util_ldap.c use of hardcoded sizelimit on ldap_search_ext_s causing error [In reply to]

Brad Nicholes wrote:
> Maybe I missed this before, but what platform or LDAP SDK does this fail on? The Novell LDAP SDK obviously supports LDAP_DEFAULT_SIZELIMIT (-1) and according to the OpenLDAP source code, it also supports the same functionality if the value of sizelimit is -1 even though it does not specifically define LDAP_DEFAULT_SIZELIMIT. I don't know what the Netscape or Microsoft SDKs support other than the fact that we have been passing those SDKs the same -1 value without a problem. I believe that the only reason why we see the hardcoded -1 rather than a #define is simply because not all of the SDKs provide a #define yet they all seems to support the functionality. We just need to validate that theory.
>
> Brad
>
>
http://issues.apache.org/bugzilla/show_bug.cgi?id=37814
Microsoft's LDAP SDK has problems with -1. The MS SDK uses an unsigned
int, so we get 2^32-1 for the size limit which is out of spec per the
RFC and openldap 2.2.x doesn't like it.

I've never checked to see if the MS LDAP SDK has a LDAP_NO_LIMIT or
LDAP_DEFAULT_LIMIT define, so if it doesn't, perhaps someone wants to
merge my patch in to this one.

Andy

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads