ITS#7657 honor unchecked limit

diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 62249afab5fd708c738dd8014872d2037f712817..00ae50785e8e4991b616d79b946b6a8784fd1c8c 100644 (file)
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -161,6 +161,12 @@ static int search_aliases(
        if (rs->sr_err != LDAP_SUCCESS || MDB_IDL_IS_ZERO( aliases )) {
                return rs->sr_err;
        }
+       if ( op->ors_limit      /* isroot == FALSE */ &&
+               op->ors_limit->lms_s_unchecked != -1 &&
+               MDB_IDL_N( aliases ) > (unsigned) op->ors_limit->lms_s_unchecked )
+       {
+               return LDAP_ADMINLIMIT_EXCEEDED;
+       }
        oldsubs[0] = 1;
        oldsubs[1] = e_id;
 
@@ -665,6 +671,10 @@ dn2entry_retry:
                scopes[1].mval.mv_data = NULL;
                rs->sr_err = search_candidates( op, rs, base,
                        &isc, mci, candidates, stack );
+
+               if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED )
+                       goto adminlimit;
+
                ncand = MDB_IDL_N( candidates );
                if ( !base->e_id || ncand == NOID ) {
                        /* grab entry count from id2entry stat
@@ -696,6 +706,7 @@ dn2entry_retry:
                ncand > (unsigned) op->ors_limit->lms_s_unchecked )
        {
                rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+adminlimit:
                send_ldap_result( op, rs );
                rs->sr_err = LDAP_SUCCESS;
                goto done;