3 files changed, 52 insertions, 17 deletions

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 69bda6d81..1757a452e 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -829,21 +829,19 @@ class LDAPSearch(CallbackInterface, crud.Search):
     Retrieve all LDAP entries matching the given criteria.
     """
     takes_options = (
-        Int('timelimit',
+        Int('timelimit?',
             label=_('Time Limit'),
-            doc=_('Time limit of search in seconds (default 1)'),
-            flags=['no_dispaly'],
+            doc=_('Time limit of search in seconds'),
+            flags=['no_display'],
             minvalue=0,
-            default=1,
-            autofill=True,
+            autofill=False,
         ),
-        Int('sizelimit',
+        Int('sizelimit?',
             label=_('Size Limit'),
-            doc=_('Maximum number of entries returned (default 3000)'),
-            flags=['no_dispaly'],
+            doc=_('Maximum number of entries returned'),
+            flags=['no_display'],
             minvalue=0,
-            default=3000,
-            autofill=True,
+            autofill=False,
         ),
     )
 
@@ -911,8 +909,8 @@ class LDAPSearch(CallbackInterface, crud.Search):
         try:
             (entries, truncated) = ldap.find_entries(
                 filter, attrs_list, base_dn, scope=ldap.SCOPE_ONELEVEL,
-                time_limit=options.get('timelimit', 1),
-                size_limit=options.get('sizelimit', 3000)
+                time_limit=options.get('timelimit', None),
+                size_limit=options.get('sizelimit', None)
             )
         except errors.ExecutionError, e:
             try:
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 81c2aeb53..79d6d9960 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -466,7 +466,7 @@ class ldap2(CrudBackend, Encoder):
     @encode_args(1, 2, 3)
     @decode_retval()
     def find_entries(self, filter, attrs_list=None, base_dn='',
-            scope=_ldap.SCOPE_SUBTREE, time_limit=1, size_limit=3000,
+            scope=_ldap.SCOPE_SUBTREE, time_limit=None, size_limit=None,
             normalize=True):
         """
         Return a list of entries [(dn, entry_attrs)] matching specified
@@ -477,8 +477,8 @@ class ldap2(CrudBackend, Encoder):
         attrs_list -- list of attributes to return, all if None (default None)
         base_dn -- dn of the entry at which to start the search (default '')
         scope -- search scope, see LDAP docs (default ldap2.SCOPE_SUBTREE)
-        time_limit -- time limit in seconds (default 1)
-        size_limit -- size (number of entries returned) limit (default 3000)
+        time_limit -- time limit in seconds (default use IPA config values)
+        size_limit -- size (number of entries returned) limit (default use IPA config values)
         normalize -- normalize the DN (default True)
         """
         if normalize:
@@ -488,6 +488,17 @@ class ldap2(CrudBackend, Encoder):
         res = []
         truncated = False
 
+        if time_limit is None or size_limit is None:
+            (cdn, config) = self.get_ipa_config()
+            if time_limit is None:
+                time_limit = config.get('ipasearchtimelimit')[0]
+            if size_limit is None:
+                size_limit = config.get('ipasearchrecordslimit')[0]
+        if not isinstance(size_limit, int):
+            size_limit = int(size_limit)
+        if not isinstance(time_limit, float):
+            time_limit = float(time_limit)
+
         # pass arguments to python-ldap
         try:
             id = self.conn.search_ext(
@@ -534,8 +545,9 @@ class ldap2(CrudBackend, Encoder):
 
     def get_ipa_config(self):
         """Returns the IPA configuration entry (dn, entry_attrs)."""
-        filter = '(cn=ipaConfig)'
-        return self.find_entries(filter, None, 'cn=etc', self.SCOPE_ONELEVEL)[0][0]
+        cdn = "%s,%s" % (api.Object.config.get_dn(), api.env.basedn)
+        return self.find_entries(None, None, cdn, self.SCOPE_BASE,
+            time_limit=2, size_limit=10)[0][0]
 
     def get_schema(self):
         """Returns a copy of the current LDAP schema."""
diff --git a/tests/test_xmlrpc/test_user_plugin.py b/tests/test_xmlrpc/test_user_plugin.py
index 4bae4c8df..1cbccbbc4 100644
--- a/tests/test_xmlrpc/test_user_plugin.py
+++ b/tests/test_xmlrpc/test_user_plugin.py
@@ -209,6 +209,31 @@ class test_user(Declarative):
 
 
         dict(
+            desc='Search for all users with a limit of 1',
+            command=(
+                'user_find', [], dict(sizelimit=1,),
+            ),
+            expected=dict(
+                result=[
+                    dict(
+                        dn=u'uid=admin,cn=users,cn=accounts,' + api.env.basedn,
+                        homedirectory=[u'/home/admin'],
+                        loginshell=[u'/bin/bash'],
+                        sn=[u'Administrator'],
+                        uid=[u'admin'],
+                        memberof_group=[u'admins'],
+                        memberof_rolegroup=[u'replicaadmin'],
+                        memberof_taskgroup=[u'managereplica', u'deletereplica'],
+                    ),
+                ],
+                summary=u'1 user matched',
+                count=1,
+                truncated=True,
+            ),
+        ),
+
+
+        dict(
             desc='Lock %r' % user1,
             command=(
                 'user_lock', [user1], {}