[Freeipa-devel] [PATCH] 248 Raise proper exception when LDAP limits are exceeded

Mon Apr 16 17:51:41 UTC 2012

Rob Crittenden wrote:
> Jan Cholasta wrote:
>> On 10.4.2012 10:57, Martin Kosek wrote:
>>> Few test hints are attached to the ticket.
>>>
>>> ---
>>>
>>> ldap2 plugin returns NotFound error for find_entries/get_entry
>>> queries when the server did not manage to return an entry
>>> due to time limits. This may be confusing for user when the
>>> entry he searches actually exists.
>>>
>>> This patch fixes the behavior in ldap2 plugin to return
>>> LimitsExceeded exception instead. This way, user would know
>>> that his time/size limits are set too low and can amend them to
>>> get correct results.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2606
>>>
>>
>> ACK.
>>
>> Honza
>>
>
> Before pushing I'd like to look at this more. truncated is supposed to
> indicate a limits problem. I want to see if the caller should be
> responsible for returning a limits error instead.
>
> rob

This is what I had in mind.

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 61341b0..447e738 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -754,7 +754,7 @@ class ldap2(CrudBackend, Encoder):
          except _ldap.LDAPError, e:
              _handle_errors(e)

-        if not res:
+        if not res and not truncated:
              raise errors.NotFound(reason='no such entry')

          if attrs_list and ('memberindirect' in attrs_list or '*' in 
attrs_list)
:
@@ -801,7 +801,10 @@ class ldap2(CrudBackend, Encoder):
          if len(entries) > 1:
              raise errors.SingleMatchExpected(found=len(entries))
          else:
-            return entries[0]
+            if truncated:
+                raise errors.LimitsExceeded()
+            else:
+                return entries[0]

      def get_entry(self, dn, attrs_list=None, time_limit=None,
                    size_limit=None, normalize=True):
@@ -811,10 +814,13 @@ class ldap2(CrudBackend, Encoder):
          Keyword arguments:
          attrs_list - list of attributes to return, all if None 
(default None)
          """
-        return self.find_entries(
+        (entry, truncated) = self.find_entries(
              None, attrs_list, dn, self.SCOPE_BASE, time_limit=time_limit,
              size_limit=size_limit, normalize=normalize
-        )[0][0]
+        )
+        if truncated:
+            raise errors.LimitsExceeded()
+        return entry[0]

      config_defaults = {'ipasearchtimelimit': [2], 
'ipasearchrecordslimit': [0]}
      def get_ipa_config(self, attrs_list=None):


