From 1a9beac1bebc7d9b0207053a7eb6d775cae590d1 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Mon, 16 Dec 2013 16:11:33 +0100
Subject: permission_find: Do not fail for ipasearchrecordslimit=-1

ipasearchrecordslimit can be -1, which means unlimited.
The permission_find post_callback failed in this case in legacy
permission handling.
Do not fail in this case.
---
 ipalib/plugins/permission.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'ipalib/plugins/permission.py')

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 345faa896..fef640c37 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -891,11 +891,12 @@ class permission_find(baseldap.LDAPSearch):
             for entry in legacy_entries:
                 if entry.single_value['cn'] in nonlegacy_names:
                     continue
-                if len(entries) > max_entries:
+                if max_entries > 0 and len(entries) > max_entries:
                     # We've over the limit, pop the last entry and set
                     # truncated flag
                     # (this is easier to do than checking before adding
                     # the entry to results)
+                    # (max_entries <= 0 means unlimited)
                     entries.pop()
                     truncated = True
                     break
-- 
cgit