+ /* if not root, get appropriate limits */
+ if ( be_isroot( be, &op->o_ndn ) ) {
+ isroot = 1;
+ } else {
+ ( void ) get_limits( be, &op->o_ndn, &limit );
+ }
+
+ /* if no time limit requested, rely on remote server limits */
+ /* if requested limit higher than hard limit, abort */
+ if ( !isroot && tlimit > limit->lms_t_hard ) {
+ /* no hard limit means use soft instead */
+ if ( limit->lms_t_hard == 0
+ && limit->lms_t_soft > -1
+ && tlimit > limit->lms_t_soft ) {
+ tlimit = limit->lms_t_soft;
+
+ /* positive hard limit means abort */
+ } else if ( limit->lms_t_hard > 0 ) {
+ send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
+ NULL, NULL, NULL, NULL );
+ rc = 0;
+ goto finish;
+ }
+
+ /* negative hard limit means no limit */
+ }
+
+ /* if no size limit requested, rely on remote server limits */
+ /* if requested limit higher than hard limit, abort */
+ if ( !isroot && slimit > limit->lms_s_hard ) {
+ /* no hard limit means use soft instead */
+ if ( limit->lms_s_hard == 0
+ && limit->lms_s_soft > -1
+ && slimit > limit->lms_s_soft ) {
+ slimit = limit->lms_s_soft;
+
+ /* positive hard limit means abort */
+ } else if ( limit->lms_s_hard > 0 ) {
+ send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
+ NULL, NULL, NULL, NULL );
+ rc = 0;
+ goto finish;
+ }
+
+ /* negative hard limit means no limit */
+ }
+
+ /* should we check return values? */
+ if (deref != -1)
+ ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&deref);
+ if (tlimit != -1)
+ ldap_set_option( lc->ld, LDAP_OPT_TIMELIMIT, (void *)&tlimit);
+ if (slimit != -1)
+ ldap_set_option( lc->ld, LDAP_OPT_SIZELIMIT, (void *)&slimit);
+