Re: Win32 Apache and ldap size limit problem.

[Andy Wang <aw...@ptc.com>]

FYI,
I posted a patch to http://issues.apache.org/bugzilla/show_bug.cgi?id=37814

I took the easy route and just added a #if block to util_ldap to set a 
sizelimit of 2147483647 if the microsoft ldap sdk was in use or 
otherwise -1 and use this sizelimit define in ldap_search_ext_s calls.

Ideally sizelimit could be configureable via a module directive, but 
since we'll be maintaining our own build with this patch I didn't want 
to do anything too heavyweight.

Andy


Andy Wang wrote:
> I noticed that with OpenLDAP 2.2.x, auth_ldap from apache on windows 
> fails.  The actual error ends up being a invalid size limit on the 
> openldap end of things.  After doing some research, it looks like the 
> Microsoft SDK defaults the sizelimit to (2^32)-1 (4294967295 or 
> basically an unsigned 32-bit int).  OpenLDAP 2.2.x restricts the 
> sizelimit to (2^(32-1)) -1 (2147483647 or a signed 32-bit int).
>
> I have no idea how to report this to microsoft, as it's the microsoft 
> SDK that's out of spec.  RFC 2251 
> (http://www.ietf.org/rfc/rfc2251.txt) declares the max of a size limit 
> to be the openldap value.
>
> As far as I can tell, none of the other ldap servers care and openldap 
> 2.1.x didn't care either, but unfortunately, 2.2.x does care.
>
> Anyone else run into this problem and have any ideas or know how ot 
> report this to MS?  I was thinking of filing an Apache bug/enhancement 
> requesting that apache be able to pass a size limit to the ldap 
> query.  In theory, you could override this MS SDK problem by 
> explicitly setting the size limit to a proper value, or patch openldap 
> to ignore it.
>
> Thanks,
> Andy
>