summaryrefslogtreecommitdiffstats
path: root/source4
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2006-01-13 15:40:15 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:01 -0500
commitd45a8de617eaeb42ce43435f57916bab4274af13 (patch)
tree824f2f780eac8ee7bddac9a8411294e7f9b1356b /source4
parentb15582ed816f3d477f978976f43b82cfa90bf6dc (diff)
downloadsamba-d45a8de617eaeb42ce43435f57916bab4274af13.tar.gz
samba-d45a8de617eaeb42ce43435f57916bab4274af13.tar.xz
samba-d45a8de617eaeb42ce43435f57916bab4274af13.zip
r12905: add some ldap policies
not yet enforced except for the initial connection timeout (This used to be commit fa1ae9a44b0321b8e458bcb7fd1dcc9475b9bad3)
Diffstat (limited to 'source4')
-rw-r--r--source4/ldap_server/ldap_server.c106
-rw-r--r--source4/setup/provision.ldif33
2 files changed, 132 insertions, 7 deletions
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index d8124e5f24..4272cea678 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -34,6 +34,8 @@
#include "lib/tls/tls.h"
#include "lib/messaging/irpc.h"
#include "lib/stream/packet.h"
+#include "lib/ldb/include/ldb.h"
+#include "lib/ldb/include/ldb_errors.h"
/*
close the socket and shutdown a server_context
@@ -272,6 +274,101 @@ static void ldapsrv_conn_init_timeout(struct event_context *ev,
ldapsrv_terminate_connection(conn, "Timeout. No requests after initial connection");
}
+static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
+{
+ TALLOC_CTX *tmp_ctx;
+ const char *attrs[] = { "configurationNamingContext", NULL };
+ const char *attrs2[] = { "lDAPAdminLimits", NULL };
+ const char *conf_dn_s;
+ struct ldb_message_element *el;
+ struct ldb_result *res = NULL;
+ struct ldb_dn *basedn;
+ struct ldb_dn *conf_dn;
+ struct ldb_dn *policy_dn;
+ int i,ret;
+
+ /* set defaults limits in case of failure */
+ conn->limits.initial_timeout = 120;
+ conn->limits.conn_idle_time = 900;
+ conn->limits.max_page_size = 1000;
+ conn->limits.search_timeout = 120;
+
+
+ tmp_ctx = talloc_new(conn);
+ if (tmp_ctx == NULL) {
+ return -1;
+ }
+
+ basedn = ldb_dn_explode(tmp_ctx, "");
+ if (basedn == NULL) {
+ goto failed;
+ }
+
+ ret = ldb_search(conn->ldb, basedn, LDB_SCOPE_BASE, NULL, attrs, &res);
+ talloc_steal(tmp_ctx, res);
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ goto failed;
+ }
+
+ conf_dn_s = ldb_msg_find_string(res->msgs[0], "configurationNamingContext", NULL);
+ if (conf_dn_s == NULL) {
+ goto failed;
+ }
+ conf_dn = ldb_dn_explode(tmp_ctx, conf_dn_s);
+ if (conf_dn == NULL) {
+ goto failed;
+ }
+
+ policy_dn = ldb_dn_string_compose(tmp_ctx, conf_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services");
+ if (policy_dn == NULL) {
+ goto failed;
+ }
+
+ ret = ldb_search(conn->ldb, policy_dn, LDB_SCOPE_BASE, NULL, attrs2, &res);
+ talloc_steal(tmp_ctx, res);
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ goto failed;
+ }
+
+ el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits");
+ if (el == NULL) {
+ goto failed;
+ }
+
+ for (i = 0; i < el->num_values; i++) {
+ char policy_name[256];
+ int policy_value, s;
+
+ s = sscanf(el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
+ if (ret != 2 || policy_value == 0)
+ continue;
+
+ if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
+ conn->limits.initial_timeout = policy_value;
+ continue;
+ }
+ if (strcasecmp("MaxConnIdleTime", policy_name) == 0) {
+ conn->limits.conn_idle_time = policy_value;
+ continue;
+ }
+ if (strcasecmp("MaxPageSize", policy_name) == 0) {
+ conn->limits.max_page_size = policy_value;
+ continue;
+ }
+ if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
+ conn->limits.search_timeout = policy_value;
+ continue;
+ }
+ }
+
+ return 0;
+
+failed:
+ DEBUG(0, ("Failed to load ldap server query policies\n"));
+ talloc_free(tmp_ctx);
+ return -1;
+}
+
/*
initialise a server_context from a open socket and register a event handler
for reading from that socket
@@ -356,13 +453,8 @@ static void ldapsrv_accept(struct stream_connection *c)
return;
}
- /* TODO: load limits from the conf partition */
-
- conn->limits.initial_timeout = 10;
- conn->limits.conn_idle_time = 60;
- conn->limits.max_page_size = 100;
- conn->limits.search_timeout = 10;
-
+ /* load limits from the conf partition */
+ ldapsrv_load_limits(conn); /* should we fail on error ? */
/* register the server */
irpc_add_name(c->msg_ctx, "ldap_server");
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 9204f685b6..2fc0022c81 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -337,6 +337,39 @@ showInAdvancedViewOnly: TRUE
objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
sPNMappings: host=ldap,dns,cifs,http
+dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Query-Policies
+instanceType: 4
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: queryPolicy
+cn: Default Query Policy
+instanceType: 4
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN}
+lDAPAdminLimits: MaxValRange=1500
+lDAPAdminLimits: MaxReceiveBuffer=10485760
+lDAPAdminLimits: MaxDatagramRecv=4096
+lDAPAdminLimits: MaxPoolThreads=4
+lDAPAdminLimits: MaxResultSetSize=262144
+lDAPAdminLimits: MaxTempTableSize=10000
+lDAPAdminLimits: MaxQueryDuration=120
+lDAPAdminLimits: MaxPageSize=1000
+lDAPAdminLimits: MaxNotificationPerConn=5
+lDAPAdminLimits: MaxActiveQueries=20
+lDAPAdminLimits: MaxConnIdleTime=900
+lDAPAdminLimits: InitRecvTimeout=120
+lDAPAdminLimits: MaxConnections=5000
+
###############################
# Schema Naming Context