[pbs-devel] [PATCH proxmox 2/2] ldap: only search base of base_dn when checking connection

Lukas Wagner l.wagner at proxmox.com
Tue Jul 25 10:56:28 CEST 2023

Looks good to me! (also applies to the new integration tests)

Tested-by: Lukas Wagner <l.wagner at proxmox.com>
Reviewed-by: Lukas Wagner <l.wagner at proxmox.com>

On 7/21/23 16:34, Stefan Sterz wrote:
> * when using an anonymous bind with slapd in its default configuration
>    the default size limit will also be enforced against a paged
>    search. this means that while a configuration may succeed with 5
>    users with an anonymous bind, it will fail with 500+ users.
> * if the client specifies a size limit for the search and the server
>    finds more results than specified by the search limit it will
>    return only the specified amount of results. however, the result
>    code will still be 4 (sizeLimitExceeded) resulting in an error. the
>    same happens if the server specifies a limit and the search exceeds
>    it. it also uses the the result code 4 (sizeLimitExceeded) in that
>    case.
> * if a streaming_search is finished before all results are retrieved,
>    ldap3 will handle this as specified in the relevant rfc from what i
>    can tell [1]. however, the result code will then be 88 for a user
>    canceled request, which is treated as an `Err` Result in ldap3.
> [1]: https://datatracker.ietf.org/doc/html/rfc2696

- Lukas

More information about the pbs-devel mailing list