From 1f0959735f9828a09439f17f1468dcd3dfb914db Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Fri, 18 Mar 2016 09:49:41 +0100
Subject: differentiate between limit types when LDAP search exceeds configured
 limits

When LDAP search fails on exceeded limits, we should raise an specific
exception for the type of limit raised (size, time, administrative) so that
the consumer can distinguish between e.g. searches returning too many entries
and those timing out.

https://fedorahosted.org/freeipa/ticket/5677

Reviewed-By: Petr Spacek <pspacek@redhat.com>
---
 ipaserver/plugins/ldap2.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'ipaserver')

diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index a1f1e1982..d50ae1698 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -230,12 +230,13 @@ class ldap2(CrudBackend, LDAPClient):
             # Not in our context yet
             pass
         try:
+            # use find_entries here lest we hit an infinite recursion when
+            # ldap2.get_entries tries to determine default time/size limits
             (entries, truncated) = self.find_entries(
                 None, attrs_list, base_dn=dn, scope=self.SCOPE_BASE,
                 time_limit=2, size_limit=10
             )
-            if truncated:
-                raise errors.LimitsExceeded()
+            self.handle_truncated_result(truncated)
             config_entry = entries[0]
         except errors.NotFound:
             config_entry = self.make_entry(dn)
-- 
cgit