openldap 2.2.15 added a check for "invalid time limit" and "invalid size limit" in servers/slapd/search.c. What is the purpose of this limit? The check has broken one of our production applications.
The protocol allows, as time/size limit, a "maxInt", which, according to RFC2251, is defined as
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
This test was absent in earlier versions, and was required for a clean implementation of internal limits because "illegal" values (i.e. < 0) are now used to identify an internal search, but the check should be totally transparent to clients, since the values that are not allowed by the protocol, should not be encoded by the client library first. If they are, the library has a bug (what implementation of libldap is your client using?), which you should be able to circumvent by explicitly setting a valid limit.
Yours, John -- John Borwick System Administrator Wake Forest University | web http://www.wfu.edu/~borwicjh Winston-Salem, NC, USA | GPG key ID 0x797326D5
Attachment:
signature.asc
Description: OpenPGP digital signature