#include "lib/tls/tls.h"
#include "lib/messaging/irpc.h"
#include "lib/stream/packet.h"
+#include "lib/ldb/include/ldb.h"
+#include "lib/ldb/include/ldb_errors.h"
/*
close the socket and shutdown a server_context
ldapsrv_terminate_connection(conn, "Timeout. No requests after initial connection");
}
+static int ldapsrv_load_limits(struct ldapsrv_connection *conn)
+{
+ TALLOC_CTX *tmp_ctx;
+ const char *attrs[] = { "configurationNamingContext", NULL };
+ const char *attrs2[] = { "lDAPAdminLimits", NULL };
+ const char *conf_dn_s;
+ struct ldb_message_element *el;
+ struct ldb_result *res = NULL;
+ struct ldb_dn *basedn;
+ struct ldb_dn *conf_dn;
+ struct ldb_dn *policy_dn;
+ int i,ret;
+
+ /* set defaults limits in case of failure */
+ conn->limits.initial_timeout = 120;
+ conn->limits.conn_idle_time = 900;
+ conn->limits.max_page_size = 1000;
+ conn->limits.search_timeout = 120;
+
+
+ tmp_ctx = talloc_new(conn);
+ if (tmp_ctx == NULL) {
+ return -1;
+ }
+
+ basedn = ldb_dn_explode(tmp_ctx, "");
+ if (basedn == NULL) {
+ goto failed;
+ }
+
+ ret = ldb_search(conn->ldb, basedn, LDB_SCOPE_BASE, NULL, attrs, &res);
+ talloc_steal(tmp_ctx, res);
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ goto failed;
+ }
+
+ conf_dn_s = ldb_msg_find_string(res->msgs[0], "configurationNamingContext", NULL);
+ if (conf_dn_s == NULL) {
+ goto failed;
+ }
+ conf_dn = ldb_dn_explode(tmp_ctx, conf_dn_s);
+ if (conf_dn == NULL) {
+ goto failed;
+ }
+
+ policy_dn = ldb_dn_string_compose(tmp_ctx, conf_dn, "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services");
+ if (policy_dn == NULL) {
+ goto failed;
+ }
+
+ ret = ldb_search(conn->ldb, policy_dn, LDB_SCOPE_BASE, NULL, attrs2, &res);
+ talloc_steal(tmp_ctx, res);
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ goto failed;
+ }
+
+ el = ldb_msg_find_element(res->msgs[0], "lDAPAdminLimits");
+ if (el == NULL) {
+ goto failed;
+ }
+
+ for (i = 0; i < el->num_values; i++) {
+ char policy_name[256];
+ int policy_value, s;
+
+ s = sscanf(el->values[i].data, "%255[^=]=%d", policy_name, &policy_value);
+ if (ret != 2 || policy_value == 0)
+ continue;
+
+ if (strcasecmp("InitRecvTimeout", policy_name) == 0) {
+ conn->limits.initial_timeout = policy_value;
+ continue;
+ }
+ if (strcasecmp("MaxConnIdleTime", policy_name) == 0) {
+ conn->limits.conn_idle_time = policy_value;
+ continue;
+ }
+ if (strcasecmp("MaxPageSize", policy_name) == 0) {
+ conn->limits.max_page_size = policy_value;
+ continue;
+ }
+ if (strcasecmp("MaxQueryDuration", policy_name) == 0) {
+ conn->limits.search_timeout = policy_value;
+ continue;
+ }
+ }
+
+ return 0;
+
+failed:
+ DEBUG(0, ("Failed to load ldap server query policies\n"));
+ talloc_free(tmp_ctx);
+ return -1;
+}
+
/*
initialise a server_context from a open socket and register a event handler
for reading from that socket
return;
}
- /* TODO: load limits from the conf partition */
-
- conn->limits.initial_timeout = 10;
- conn->limits.conn_idle_time = 60;
- conn->limits.max_page_size = 100;
- conn->limits.search_timeout = 10;
-
+ /* load limits from the conf partition */
+ ldapsrv_load_limits(conn); /* should we fail on error ? */
/* register the server */
irpc_add_name(c->msg_ctx, "ldap_server");
objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,${BASEDN}
sPNMappings: host=ldap,dns,cifs,http
+dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: container
+cn: Query-Policies
+instanceType: 4
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,${BASEDN}
+objectClass: top
+objectClass: queryPolicy
+cn: Default Query Policy
+instanceType: 4
+uSNCreated: ${USN}
+uSNChanged: ${USN}
+showInAdvancedViewOnly: TRUE
+objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,${BASEDN}
+lDAPAdminLimits: MaxValRange=1500
+lDAPAdminLimits: MaxReceiveBuffer=10485760
+lDAPAdminLimits: MaxDatagramRecv=4096
+lDAPAdminLimits: MaxPoolThreads=4
+lDAPAdminLimits: MaxResultSetSize=262144
+lDAPAdminLimits: MaxTempTableSize=10000
+lDAPAdminLimits: MaxQueryDuration=120
+lDAPAdminLimits: MaxPageSize=1000
+lDAPAdminLimits: MaxNotificationPerConn=5
+lDAPAdminLimits: MaxActiveQueries=20
+lDAPAdminLimits: MaxConnIdleTime=900
+lDAPAdminLimits: InitRecvTimeout=120
+lDAPAdminLimits: MaxConnections=5000
+
###############################
# Schema Naming Context
git.samba.org / kai / samba.git / commitdiff