LDAP: Add the wildcard_limit option

Related:
    https://fedorahosted.org/sssd/ticket/2553

Adds a new wildcard_limit option that is set by default to 1000 (one
page). This option limits the number of entries that can by default be
returned by a wildcard search.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

1 files changed, 7 insertions, 1 deletions

diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index f66ae2604..a864a8b21 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -674,6 +674,7 @@ static errno_t sdap_search_user_next_base(struct tevent_req *req)
     struct tevent_req *subreq;
     struct sdap_search_user_state *state;
     bool need_paging = false;
+    int sizelimit = 0;
 
     state = tevent_req_data(req, struct sdap_search_user_state);
 
@@ -691,13 +692,18 @@ static errno_t sdap_search_user_next_base(struct tevent_req *req)
 
     switch (state->lookup_type) {
     case SDAP_LOOKUP_SINGLE:
+        sizelimit = 1;
         need_paging = false;
         break;
     /* Only requests that can return multiple entries should require
      * the paging control
      */
     case SDAP_LOOKUP_WILDCARD:
+        sizelimit = dp_opt_get_int(state->opts->basic, SDAP_WILDCARD_LIMIT);
+        need_paging = true;
+        break;
     case SDAP_LOOKUP_ENUMERATE:
+        sizelimit = 0;  /* unlimited */
         need_paging = true;
         break;
     }
@@ -708,7 +714,7 @@ static errno_t sdap_search_user_next_base(struct tevent_req *req)
             state->search_bases[state->base_iter]->scope,
             state->filter, state->attrs,
             state->opts->user_map, state->opts->user_map_cnt,
-            0, NULL, NULL, 0, state->timeout,
+            0, NULL, NULL, sizelimit, state->timeout,
             need_paging);
     if (subreq == NULL) {
         return ENOMEM;