
Commit 2d1e4db

authored
Add EnforceSizeLimit to enforce the specified search request size limit (#482)
1 parent 9023788 commit 2d1e4db


2 files changed

+32
-2
lines changed


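--- a/search.go
+++ b/search.go
@@ -20,7 +20,7 @@ const (
 ScopeWholeSubtree = 2
 // ScopeChildren is an OpenLDAP extension that may not be supported by another directory server.
 // See: https://github.com/openldap/openldap/blob/7c55484ee153047efd0e562fc1638c1a2525f320/include/ldap.h#L598
-ScopeChildren = 3
+ScopeChildren = 3
 )
 
 // ScopeMap contains human readable descriptions of scope choices
@@ -47,6 +47,10 @@ var DerefMap = map[int]string{
 DerefAlways: "DerefAlways",
 }
 
+// ErrSizeLimitExceeded will be returned if the search result is exceeding the defined SizeLimit
+// and enforcing the requested limit is enabled in the search request (EnforceSizeLimit)
+var ErrSizeLimitExceeded = NewError(ErrorNetwork, errors.New("ldap: size limit exceeded"))
+
 // NewEntry returns an Entry object with the specified distinguished name and attribute key-value pairs.
 // The map of attributes is accessed in alphabetical order of the keys in order to ensure that, for the
 // same input map of attributes, the output entry will contain the same order of attributes
@@ -417,6 +421,11 @@ type SearchRequest struct {
 Filter string
 Attributes []string
 Controls []Control
+
+// EnforceSizeLimit will hard limit the maximum number of entries parsed, in case the directory
+// server returns more results than requested. This setting is disabled by default and does not
+// work in async search requests.
+EnforceSizeLimit bool
 }
 
 func (req *SearchRequest) appendTo(envelope *ber.Packet) error {
@@ -564,6 +573,12 @@ func (l *Conn) Search(searchRequest *SearchRequest) (*SearchResult, error) {
 
 switch packet.Children[1].Tag {
 case 4:
+if searchRequest.EnforceSizeLimit &&
+searchRequest.SizeLimit > 0 &&
+len(result.Entries) >= searchRequest.SizeLimit {
+return result, ErrSizeLimitExceeded
+}
+
 entry := &Entry{
 DN: packet.Children[1].Children[0].Value.(string),
 Attributes: unpackAttributes(packet.Children[1].Children[1].Children),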
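Review bot: `ErrSizeLimitExceeded` is built with `ErrorNetwork`, so a caller that treats network errors as transient may retry a search whose response was deliberately cut off, and a check against the LDAP size-limit result code will not match it. If the package's result-code constant for sizeLimitExceeded fits here, `NewError(LDAPResultSizeLimitExceeded, errors.New("ldap: size limit exceeded"))` would let callers handle server-side and client-side truncation the same way. The early return under `case 4:` also hands back a partial `result` together with the error, which the doc comment on `EnforceSizeLimit` should state, e.g. `// When the limit is hit, Search returns the entries read so far together with ErrSizeLimitExceeded.` The guard counts only `result.Entries`, so the other response tags handled by this switch (outside the hunk) presumably remain unbounded when a server misbehaves. The same points apply to the identical section in v3/search.go; `Search` begins and ends outside the hunk, so how the rest of the response is discarded after the early return cannot be confirmed from here.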

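--- a/v3/search.go
+++ b/v3/search.go
@@ -20,7 +20,7 @@ const (
 ScopeWholeSubtree = 2
 // ScopeChildren is an OpenLDAP extension that may not be supported by another directory server.
 // See: https://github.com/openldap/openldap/blob/7c55484ee153047efd0e562fc1638c1a2525f320/include/ldap.h#L598
-ScopeChildren = 3
+ScopeChildren = 3
 )
 
 // ScopeMap contains human readable descriptions of scope choices
@@ -47,6 +47,10 @@ var DerefMap = map[int]string{
 DerefAlways: "DerefAlways",
 }
 
+// ErrSizeLimitExceeded will be returned if the search result is exceeding the defined SizeLimit
+// and enforcing the requested limit is enabled in the search request (EnforceSizeLimit)
+var ErrSizeLimitExceeded = NewError(ErrorNetwork, errors.New("ldap: size limit exceeded"))
+
 // NewEntry returns an Entry object with the specified distinguished name and attribute key-value pairs.
 // The map of attributes is accessed in alphabetical order of the keys in order to ensure that, for the
 // same input map of attributes, the output entry will contain the same order of attributes
@@ -417,6 +421,11 @@ type SearchRequest struct {
 Filter string
 Attributes []string
 Controls []Control
+
+// EnforceSizeLimit will hard limit the maximum number of entries parsed, in case the directory
+// server returns more results than requested. This setting is disabled by default and does not
+// work in async search requests.
+EnforceSizeLimit bool
 }
 
 func (req *SearchRequest) appendTo(envelope *ber.Packet) error {
@@ -564,6 +573,12 @@ func (l *Conn) Search(searchRequest *SearchRequest) (*SearchResult, error) {
 
 switch packet.Children[1].Tag {
 case 4:
+if searchRequest.EnforceSizeLimit &&
+searchRequest.SizeLimit > 0 &&
+len(result.Entries) >= searchRequest.SizeLimit {
+return result, ErrSizeLimitExceeded
+}
+
 entry := &Entry{
 DN: packet.Children[1].Children[0].Value.(string),
 Attributes: unpackAttributes(packet.Children[1].Children[1].Children),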
