From c45495c7a585da4de99e34c98223981a41cfd56d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 29 Apr 2013 16:42:46 +0200
Subject: LDAP: Only use paging control on requests for multiple entries

The paging control can cause issues on servers that put limits on how
many paging controls can be active at one time (on some servers, it is
limited to one per connection). We need to reduce our usage so that we
only activate the paging control when making a request that may return an
arbitrary number of results.
---
 src/providers/ldap/sdap_async.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

(limited to 'src/providers/ldap/sdap_async.c')

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 6412666d0..1547e8850 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -681,7 +681,8 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx,
                                    "", LDAP_SCOPE_BASE,
                                    "(objectclass=*)", attrs, NULL, 0,
                                    dp_opt_get_int(state->opts->basic,
-                                                  SDAP_SEARCH_TIMEOUT));
+                                                  SDAP_SEARCH_TIMEOUT),
+                                   false);
     if (!subreq) {
         talloc_zfree(req);
         return NULL;
@@ -757,6 +758,7 @@ struct sdap_get_generic_state {
     struct sdap_attr_map *map;
     int map_num_attrs;
     int timeout;
+    bool allow_paging;
 
     struct sdap_op *op;
 
@@ -784,7 +786,8 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
                                          const char **attrs,
                                          struct sdap_attr_map *map,
                                          int map_num_attrs,
-                                         int timeout)
+                                         int timeout,
+                                         bool allow_paging)
 {
     errno_t ret;
     struct sdap_get_generic_state *state;
@@ -810,6 +813,15 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx,
     state->cookie.bv_len = 0;
     state->cookie.bv_val = NULL;
 
+    /* Be extra careful and never allow paging for BASE searches,
+     * even if requested.
+     */
+    if (scope == LDAP_SCOPE_BASE) {
+        state->allow_paging = false;
+    } else {
+        state->allow_paging = allow_paging;
+    }
+
     ret = sdap_get_generic_step(req);
     if (ret != EOK) {
         tevent_req_error(req, ret);
@@ -854,9 +866,9 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
 
     disable_paging = dp_opt_get_bool(state->opts->basic, SDAP_DISABLE_PAGING);
 
-    if (!disable_paging
-            && sdap_is_control_supported(state->sh,
-                                         LDAP_CONTROL_PAGEDRESULTS)) {
+    if (!disable_paging && state->allow_paging &&
+        sdap_is_control_supported(state->sh,
+                                  LDAP_CONTROL_PAGEDRESULTS)) {
         lret = ldap_create_page_control(state->sh->ldap,
                                         state->sh->page_size,
                                         state->cookie.bv_val ?
-- 
cgit