author | Rob Crittenden <rcritten@redhat.com> | 2011-01-13 13:08:52 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-14 09:48:07 -0500 |
commit | 67852835684ca44e14cf650a9793d123f111a04d (patch) | |
tree | e348a0ff3aec38049bb587749376bae2cf8103a5 /ipalib | |
parent | 680148ed036bcef5ecfc0ca1938b9768d8a233ca (diff) | |
python-ldap fails gloriously if the search time limit is 0. Don't allow it.
Don't allow the time limit to be set in the API. Also add a failsafe
in the ldap driver because such bad things happen if this value is 0.
I think it literally spends 0 time on the request and just returns
immediately.
ticket 752
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/config.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index cabfd761..438f6638 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -68,8 +68,14 @@ from ipalib import api from ipalib import Bool, Int, Str, IA5Str from ipalib.plugins.baseldap import * from ipalib import _ +from ipalib.errors import ValidationError +def validate_searchtimelimit(ugettext, limit): + if limit == 0: + raise ValidationError(name='ipasearchtimelimit', error=_('searchtimelimit must be -1 or > 1.')) + return None + class config(LDAPObject): """ IPA configuration object @@ -110,7 +116,7 @@ class config(LDAPObject): label=_('Default e-mail domain'), doc=_('Default e-mail domain new users'), ), - Int('ipasearchtimelimit?', + Int('ipasearchtimelimit?', validate_searchtimelimit, cli_name='searchtimelimit', label=_('Search time limit'), doc=_('Max. amount of time (sec.) for a search (-1 is unlimited)'), |
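Review bot: The check in `validate_searchtimelimit` and its error text disagree: only `limit == 0` is rejected, yet the message says the value "must be -1 or > 1", so a value of 1 is accepted while the message implies it is invalid. If 0 is the only value to refuse, the text should read `_('searchtimelimit must be -1 or > 0.')`. The function also has no docstring; a one-line one such as `"""Reject a search time limit of 0, which python-ldap cannot handle."""` would record why the rule exists, as the commit description explains it. The hard-coded `name='ipasearchtimelimit'` repeats the parameter name declared in the second hunk and will drift if that parameter is ever renamed.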
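Review bot: On the `Int('ipasearchtimelimit?', validate_searchtimelimit,` line, the new validator still accepts every negative value, although the `doc` text defines only -1 as a sentinel (unlimited). This setting bounds how long a directory search may run, so an out-of-range value such as -5 should be refused at the parameter rather than handed to the LDAP layer, whose handling of it is not visible here; adding `minvalue=-1,` to this `Int` would do that. The `doc` string could also state that 0 is not accepted, so an administrator learns the rule before hitting the error. The `Int(...)` call and the enclosing `config` class both continue outside the hunk.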