summaryrefslogtreecommitdiffstats
path: root/ipalib
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-01-13 13:08:52 -0500
committerRob Crittenden <rcritten@redhat.com>2011-01-14 09:48:07 -0500
commit67852835684ca44e14cf650a9793d123f111a04d (patch)
treee348a0ff3aec38049bb587749376bae2cf8103a5 /ipalib
parent680148ed036bcef5ecfc0ca1938b9768d8a233ca (diff)
downloadfreeipa-67852835684ca44e14cf650a9793d123f111a04d.tar.gz
freeipa-67852835684ca44e14cf650a9793d123f111a04d.tar.xz
freeipa-67852835684ca44e14cf650a9793d123f111a04d.zip
python-ldap fails gloriously if the search time limit is 0. Don't allow it.
Don't allow the time limit to be set in the API. Also add a failsafe in the ldap driver because such bad things happen if this value is 0. I think it literally spends 0 time on the request and just returns immediately. ticket 752
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/config.py8
1 files changed, 7 insertions, 1 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index cabfd7610..438f66385 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -68,8 +68,14 @@ from ipalib import api
from ipalib import Bool, Int, Str, IA5Str
from ipalib.plugins.baseldap import *
from ipalib import _
+from ipalib.errors import ValidationError
+def validate_searchtimelimit(ugettext, limit):
+ if limit == 0:
+ raise ValidationError(name='ipasearchtimelimit', error=_('searchtimelimit must be -1 or > 1.'))
+ return None
+
class config(LDAPObject):
"""
IPA configuration object
@@ -110,7 +116,7 @@ class config(LDAPObject):
label=_('Default e-mail domain'),
doc=_('Default e-mail domain new users'),
),
- Int('ipasearchtimelimit?',
+ Int('ipasearchtimelimit?', validate_searchtimelimit,
cli_name='searchtimelimit',
label=_('Search time limit'),
doc=_('Max. amount of time (sec.) for a search (-1 is unlimited)'),
generated by cgit (git 2.34.1) at 2024-04-28 12:02:29 +0000