diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c index 1bfd0bc29c..c659381e7b 100644 --- a/servers/slapd/back-mdb/search.c +++ b/servers/slapd/back-mdb/search.c @@ -161,6 +161,12 @@ static int search_aliases( if (rs->sr_err != LDAP_SUCCESS || MDB_IDL_IS_ZERO( aliases )) { return rs->sr_err; } + if ( op->ors_limit /* isroot == FALSE */ && + op->ors_limit->lms_s_unchecked != -1 && + MDB_IDL_N( aliases ) > (unsigned) op->ors_limit->lms_s_unchecked ) + { + return LDAP_ADMINLIMIT_EXCEEDED; + } oldsubs[0] = 1; oldsubs[1] = e_id; @@ -670,6 +676,10 @@ dn2entry_retry: scopes[1].mval.mv_data = NULL; rs->sr_err = search_candidates( op, rs, base, &isc, mci, candidates, stack ); + + if ( rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ) + goto adminlimit; + ncand = MDB_IDL_N( candidates ); if ( !base->e_id || ncand == NOID ) { /* grab entry count from id2entry stat @@ -700,6 +710,7 @@ dn2entry_retry: ncand > (unsigned) op->ors_limit->lms_s_unchecked ) { rs->sr_err = LDAP_ADMINLIMIT_EXCEEDED; +adminlimit: send_ldap_result( op, rs ); rs->sr_err = LDAP_SUCCESS; goto done;