[Freeipa-devel] [PATCH] 248 Raise proper exception when LDAP limits are exceeded
Rob Crittenden
rcritten at redhat.com
Mon Apr 16 17:51:41 UTC 2012
Rob Crittenden wrote:
> Jan Cholasta wrote:
>> On 10.4.2012 10:57, Martin Kosek wrote:
>>> Few test hints are attached to the ticket.
>>>
>>> ---
>>>
>>> ldap2 plugin returns NotFound error for find_entries/get_entry
>>> queries when the server did not manage to return an entry
>>> due to time limits. This may be confusing for user when the
>>> entry he searches actually exists.
>>>
>>> This patch fixes the behavior in ldap2 plugin to return
>>> LimitsExceeded exception instead. This way, user would know
>>> that his time/size limits are set too low and can amend them to
>>> get correct results.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2606
>>>
>>
>> ACK.
>>
>> Honza
>>
>
> Before pushing I'd like to look at this more. truncated is supposed to
> indicate a limits problem. I want to see if the caller should be
> responsible for returning a limits error instead.
>
> rob
This is what I had in mind.
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 61341b0..447e738 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -754,7 +754,7 @@ class ldap2(CrudBackend, Encoder):
except _ldap.LDAPError, e:
_handle_errors(e)
- if not res:
+ if not res and not truncated:
raise errors.NotFound(reason='no such entry')
if attrs_list and ('memberindirect' in attrs_list or '*' in
attrs_list)
:
@@ -801,7 +801,10 @@ class ldap2(CrudBackend, Encoder):
if len(entries) > 1:
raise errors.SingleMatchExpected(found=len(entries))
else:
- return entries[0]
+ if truncated:
+ raise errors.LimitsExceeded()
+ else:
+ return entries[0]
def get_entry(self, dn, attrs_list=None, time_limit=None,
size_limit=None, normalize=True):
@@ -811,10 +814,13 @@ class ldap2(CrudBackend, Encoder):
Keyword arguments:
attrs_list - list of attributes to return, all if None
(default None)
"""
- return self.find_entries(
+ (entry, truncated) = self.find_entries(
None, attrs_list, dn, self.SCOPE_BASE, time_limit=time_limit,
size_limit=size_limit, normalize=normalize
- )[0][0]
+ )
+ if truncated:
+ raise errors.LimitsExceeded()
+ return entry[0]
config_defaults = {'ipasearchtimelimit': [2],
'ipasearchrecordslimit': [0]}
def get_ipa_config(self, attrs_list=None):
More information about the Freeipa-devel
mailing list