ITS#7657 honor unchecked limit

diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
index 1bfd0bc29c83395d79f0760924857fb5c6cc279b..c659381e7b45a176b6ebb600da55b6be2b2cbaf9 100644 (file)
--- a/servers/slapd/back-mdb/search.c
+++ b/servers/slapd/back-mdb/search.c
@@ -161,6 +161,12 @@ static int search_aliases(
        if (rs->sr_err != LDAP_SUCCESS || MDB_IDL_IS_ZERO( aliases )) {
                return rs->sr_err;
        }
+       if ( op->ors_limit      /* isroot == FALSE */ &&
+               op->ors_limit->lms_s_unchecked != -1 &&
+               MDB_IDL_N( aliases ) > (unsigned) op->ors_limit->lms_s_unchecked )
+       {
+               return LDAP_ADMINLIMIT_EXCEEDED;
+       }
        oldsubs[0] = 1;
        oldsubs[1] = e_id;
 
@@ -670,6 +676,10 @@ dn2entry_retry:
                scopes[1].mval.mv_data = NULL;
                rs->sr_err = search_candidates( op, rs, base,
                        &isc, mci, candidates, stack );
+
+               if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED )
+                       goto adminlimit;
+
                ncand = MDB_IDL_N( candidates );
                if ( !base->e_id || ncand == NOID ) {
                        /* grab entry count from id2entry stat
@@ -700,6 +710,7 @@ dn2entry_retry:
                ncand > (unsigned) op->ors_limit->lms_s_unchecked )
        {
                rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED;
+adminlimit:
                send_ldap_result( op, rs );
                rs->sr_err = LDAP_SUCCESS;
                goto done;