authorMartin Kosek <mkosek@redhat.com>2012-04-17 09:56:04 +0200
committerRob Crittenden <rcritten@redhat.com>2012-04-16 23:24:08 -0400
commit4a48efe636c0036334d4d3afadc933b0408de0f0 (patch)
tree14c241c2b53d55af3888afd28d60cbd20fa3fd71
parent36eb2543c3c01a24a6604b761b7287ae179cea7e (diff)
downloadfreeipa-4a48efe636c0036334d4d3afadc933b0408de0f0.tar.gz
freeipa-4a48efe636c0036334d4d3afadc933b0408de0f0.tar.xz
freeipa-4a48efe636c0036334d4d3afadc933b0408de0f0.zip
Raise proper exception when LDAP limits are exceeded
ldap2 plugin returns NotFound error for find_entries/get_entry queries when the server did not manage to return an entry due to time limits. This may be confusing for the user when the entry being searched for actually exists. This patch fixes the behavior in ldap2 plugin to 1) Return even zero search results + truncated bool set in ldap2.find_entries 2) Raise LimitsExceeded in ldap2.get_entry and ldap2.find_entry_by_attr instead of NotFound error. This changed several assumptions about ldap2.find_entries results. Several calls across the IPA code base had to be amended. https://fedorahosted.org/freeipa/ticket/2606
-rw-r--r--ipalib/plugins/automount.py2
-rw-r--r--ipaserver/plugins/ldap2.py24
2 files changed, 20 insertions, 6 deletions
diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py
index 9df400d2e..366729425 100644
--- a/ipalib/plugins/automount.py
+++ b/ipalib/plugins/automount.py
@@ -724,6 +724,8 @@ class automountkey(LDAPObject):
basedn, _ldap.SCOPE_ONELEVEL)
if len(entries) > 1:
raise errors.NotFound(reason=_('More than one entry with key %(key)s found, use --info to select specific entry.') % dict(key=pkey))
+ if truncated:
+ raise errors.LimitsExceeded()
dn = entries[0][0]
return dn
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 61341b082..b65e011dd 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -754,7 +754,7 @@ class ldap2(CrudBackend, Encoder):
except _ldap.LDAPError, e:
_handle_errors(e)
- if not res:
+ if not res and not truncated:
raise errors.NotFound(reason='no such entry')
if attrs_list and ('memberindirect' in attrs_list or '*' in attrs_list):
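Review bot: The relaxed guard `if not res and not truncated:` changes the return contract, and nothing visible in this hunk documents it: the result list can now be empty when `truncated` is true. Any caller that indexes the result with `[0]` or `[0][0]` without testing `truncated` first would hit an IndexError, or, if it catches NotFound to decide that an entry does not exist, would no longer get that signal on a timeout. I would add a line to the function's docstring such as `Returns (entries, truncated); entries may be empty when truncated is True, so check truncated before indexing.` The function starts and ends outside the hunk, and only the callers in these two files are visible here, so other call sites should be checked against the new contract.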
@@ -801,7 +801,10 @@ class ldap2(CrudBackend, Encoder):
if len(entries) > 1:
raise errors.SingleMatchExpected(found=len(entries))
else:
- return entries[0]
+ if truncated:
+ raise errors.LimitsExceeded()
+ else:
+ return entries[0]
def get_entry(self, dn, attrs_list=None, time_limit=None,
size_limit=None, normalize=True):
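Review bot: The added `else:` / `if truncated:` / `else:` nesting is deeper than it needs to be, because every earlier branch raises. The tail of the function reads more directly as `if truncated:` then `raise errors.LimitsExceeded()` then `return entries[0]` at the outer indent. It would also help to note in the docstring that a truncated search raises LimitsExceeded even when exactly one entry came back, since uniqueness cannot be confirmed from a partial result. The function starts outside the hunk.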
@@ -811,10 +814,14 @@ class ldap2(CrudBackend, Encoder):
Keyword arguments:
attrs_list - list of attributes to return, all if None (default None)
"""
- return self.find_entries(
+ (entry, truncated) = self.find_entries(
None, attrs_list, dn, self.SCOPE_BASE, time_limit=time_limit,
size_limit=size_limit, normalize=normalize
- )[0][0]
+ )
+
+ if truncated:
+ raise errors.LimitsExceeded()
+ return entry[0]
config_defaults = {'ipasearchtimelimit': [2], 'ipasearchrecordslimit': [0]}
def get_ipa_config(self, attrs_list=None):
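Review bot: The name `entry` in `(entry, truncated) = self.find_entries(` is bound to the list of results, not to a single entry, so `return entry[0]` reads as if it returned the DN rather than the first (dn, attrs) pair. Naming it `entries` and ending with `return entries[0]` would match find_entry_by_attr above; the get_ipa_config hunk below uses the same `entry` name and has the same problem. The get_entry docstring visible here also lists only keyword arguments, so a line such as `Raises LimitsExceeded when the search was truncated by a time or size limit.` would tell callers that NotFound is no longer the only failure to handle.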
@@ -827,10 +834,13 @@ class ldap2(CrudBackend, Encoder):
# Not in our context yet
pass
try:
- (cdn, config_entry) = self.find_entries(
+ (entry, truncated) = self.find_entries(
None, attrs_list, base_dn=cdn, scope=self.SCOPE_BASE,
time_limit=2, size_limit=10
- )[0][0]
+ )
+ if truncated:
+ raise errors.LimitsExceeded()
+ (cdn, config_entry) = entry[0]
except errors.NotFound:
config_entry = {}
for a in self.config_defaults:
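Review bot: The new `raise errors.LimitsExceeded()` sits inside a `try` whose only handler is `except errors.NotFound:`, so, assuming LimitsExceeded is not a subclass of NotFound, a truncated config lookup now propagates to every caller of get_ipa_config instead of falling back to `config_defaults`. With the hard-coded `time_limit=2`, a briefly slow directory server would turn into a failure for anything that needs the configuration. That may be the safer choice, since the defaults shown include `'ipasearchrecordslimit': [0]`, but it is a behaviour change worth stating next to the raise, for example `# do not fall back to config_defaults on a truncated lookup; the real limits are unknown`. The function continues outside the hunk, so later handling is not visible from here.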
@@ -1155,6 +1165,8 @@ class ldap2(CrudBackend, Encoder):
attr_list, member, time_limit=time_limit,
size_limit=size_limit, scope=_ldap.SCOPE_BASE,
normalize=normalize)
+ if truncated:
+ raise errors.LimitsExceeded()
results.append(list(result[0]))
for m in result[0][1].get('member', []):
# This member may contain other members, add it to our