From c74167f528f3e8a14bfae2bca7dd50aad3407093 Mon Sep 17 00:00:00 2001
From: Stefan Sterz
Date: Fri, 21 Jul 2023 16:34:03 +0200
Subject: [PATCH] ldap: only search base of base_dn when checking connection

this should avoid most common size limitations. the search should also complete quicker as fewer results need to be computed. note that this way a configuration may be accepted, but the related sync job can fail due to and exceeded size limit warning for some ldap servers (such as 2.5.14+dfsg-0ubuntu0.22.04.2).

Signed-off-by: Stefan Sterz
---
 proxmox-ldap/src/lib.rs | 34 +++++++++++++---------------------
 1 file changed, 13 insertions(+), 21 deletions(-)

diff --git a/proxmox-ldap/src/lib.rs b/proxmox-ldap/src/lib.rs
index c47870d9..b3b5d65f 100644
--- a/proxmox-ldap/src/lib.rs
+++ b/proxmox-ldap/src/lib.rs
@@ -177,30 +177,22 @@ impl Connection {
 .await?
 .success()
 .context("LDAP bind failed, bind_dn or password could be incorrect")?;
+ }
 
- let (_, _) = ldap
- .search(
- &self.config.base_dn,
- Scope::Subtree,
- "(objectClass=*)",
- vec!["*"],
- )
- .await?
- .success()
- .context("Could not search LDAP realm, base_dn could be incorrect")?;
+ // only search base to make sure the base_dn exists while avoiding most common size limits
+ let (_, _) = ldap
+ .search(
+ &self.config.base_dn,
+ Scope::Base,
+ "(objectClass=*)",
+ vec!["*"],
+ )
+ .await?
+ .success()
+ .context("Could not search LDAP realm, base_dn could be incorrect")?;
 
+ if self.config.bind_dn.is_some() {
 let _: Result<(), _> = ldap.unbind().await; // ignore errors, search succeeded already
- } else {
- let (_, _) = ldap
- .search(
- &self.config.base_dn,
- Scope::Subtree,
- "(objectClass=*)",
- vec!["*"],
- )
- .await?
- .success()
- .context("Could not search LDAP realm, base_dn could be incorrect")?;
 }
 
 Ok(())
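Review bot: The new `Scope::Base` probe still requests every user attribute with `vec!["*"]` although the result is discarded as `(_, _)`; the check only needs to know that base_dn exists and is readable, so asking for no attributes with `vec!["1.1"]` (the RFC 4511 no-attributes selector) would keep the base entry's contents off the wire. Separately, `ldap.unbind()` now sits in its own `if self.config.bind_dn.is_some()` block after the search, so a failed search returns through `?` without unbinding and the anonymous path never unbinds; calling unbind unconditionally before propagating the search result would close the session on every path. The added comment could also state that a Base search does not exercise the bind account's read access to entries below base_dn, for example `// NOTE: does not verify that the bind account can read entries below base_dn`. The enclosing function starts above the hunk and its end is not visible here.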