diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2016-03-18 09:49:41 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-04-13 17:52:22 +0200 |
| commit | 1f0959735f9828a09439f17f1468dcd3dfb914db (patch) | |
| tree | 45ccb4b78794a07c5d6d890338f8d3c9f7d8c4fa /ipalib | |
| parent | b23ad42269c606f234f4f8c545e3c763e648f551 (diff) | |
| download | freeipa-1f0959735f9828a09439f17f1468dcd3dfb914db.tar.gz freeipa-1f0959735f9828a09439f17f1468dcd3dfb914db.tar.xz freeipa-1f0959735f9828a09439f17f1468dcd3dfb914db.zip | |
differentiate between limit types when LDAP search exceeds configured limits
When LDAP search fails on exceeded limits, we should raise an specific
exception for the type of limit raised (size, time, administrative) so that
the consumer can distinguish between e.g. searches returning too many entries
and those timing out.
https://fedorahosted.org/freeipa/ticket/5677
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/errors.py | 28 | ||||
| -rw-r--r-- | ipalib/plugins/automount.py | 6 | ||||
| -rw-r--r-- | ipalib/plugins/baseldap.py | 14 |
3 files changed, 35 insertions, 13 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py index 52b770027..2507e13dc 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -1612,6 +1612,34 @@ class TaskTimeout(DatabaseError): format = _("%(task)s LDAP task timeout, Task DN: '%(task_dn)s'") +class TimeLimitExceeded(LimitsExceeded): + """ + **4214** Raised when time limit for the operation is exceeded. + """ + + errno = 4214 + format = _('Configured time limit exceeded') + + +class SizeLimitExceeded(LimitsExceeded): + """ + **4215** Raised when size limit for the operation is exceeded. + """ + + errno = 4215 + format = _('Configured size limit exceeded') + + +class AdminLimitExceeded(LimitsExceeded): + """ + **4216** Raised when server limit imposed by administrative authority was + exceeded + """ + + errno = 4216 + format = _('Configured administrative server limit exceeded') + + class CertificateError(ExecutionError): """ **4300** Base class for Certificate execution errors (*4300 - 4399*). diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py index 7dc00224e..c0a55d5da 100644 --- a/ipalib/plugins/automount.py +++ b/ipalib/plugins/automount.py @@ -803,12 +803,10 @@ class automountkey(LDAPObject): ('cn', parent_keys[0]), self.container_dn, api.env.basedn) attrs_list = ['*'] - entries, truncated = ldap.find_entries( - sfilter, attrs_list, basedn, ldap.SCOPE_ONELEVEL) + entries = ldap.get_entries( + basedn, ldap.SCOPE_ONELEVEL, sfilter, attrs_list) if len(entries) > 1: raise errors.NotFound(reason=_('More than one entry with key %(key)s found, use --info to select specific entry.') % dict(key=pkey)) - if truncated: - raise errors.LimitsExceeded() dn = entries[0].dn return dn diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index ffc0008a6..0eae45dbd 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -684,14 +684,12 @@ class LDAPObject(Object): filter = self.backend.combine_filters( ('(member=*)', mo_filter), self.backend.MATCH_ALL) try: - result, truncated = self.backend.find_entries( - base_dn=self.api.env.basedn, + result = self.backend.get_entries( + self.api.env.basedn, filter=filter, attrs_list=['member'], size_limit=-1, # paged search will get everything anyway paged_search=True) - if truncated: - raise errors.LimitsExceeded() except errors.NotFound: result = [] @@ -709,12 +707,10 @@ class LDAPObject(Object): filter = self.backend.make_filter( {'member': dn, 'memberuser': dn, 'memberhost': dn}) try: - result, truncated = self.backend.find_entries( - base_dn=self.api.env.basedn, + result = self.backend.get_entries( + self.api.env.basedn, filter=filter, attrs_list=['']) - if truncated: - raise errors.LimitsExceeded() except errors.NotFound: result = [] @@ -2105,7 +2101,7 @@ class LDAPSearch(BaseLDAPCommand, crud.Search): result = dict( result=entries, count=len(entries), - truncated=truncated, + truncated=bool(truncated), ) if truncated: |