+
+ /* if no time limit requested, rely on remote server limits */
+ /* if requested limit higher than hard limit, abort */
+ if ( !isroot && tlimit > limit->lms_t_hard ) {
+ /* no hard limit means use soft instead */
+ if ( limit->lms_t_hard == 0
+ && limit->lms_t_soft > -1
+ && tlimit > limit->lms_t_soft ) {
+ tlimit = limit->lms_t_soft;
+
+ /* positive hard limit means abort */
+ } else if ( limit->lms_t_hard > 0 ) {
+ send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
+ NULL, NULL, NULL, NULL );
+ rc = 0;
+ goto finish;
+ }
+
+ /* negative hard limit means no limit */
+ }
+
+ /* if no size limit requested, rely on remote server limits */
+ /* if requested limit higher than hard limit, abort */
+ if ( !isroot && slimit > limit->lms_s_hard ) {
+ /* no hard limit means use soft instead */
+ if ( limit->lms_s_hard == 0
+ && limit->lms_s_soft > -1
+ && slimit > limit->lms_s_soft ) {
+ slimit = limit->lms_s_soft;
+
+ /* positive hard limit means abort */
+ } else if ( limit->lms_s_hard > 0 ) {
+ send_ldap_result( conn, op, LDAP_ADMINLIMIT_EXCEEDED,
+ NULL, NULL, NULL, NULL );
+ rc = 0;
+ goto finish;
+ }
+
+ /* negative hard limit means no limit */
+ }
+
+ /* should we check return values? */
+ if (deref != -1)
+ ldap_set_option( lc->ld, LDAP_OPT_DEREF, (void *)&deref);
+ if (tlimit != -1)
+ ldap_set_option( lc->ld, LDAP_OPT_TIMELIMIT, (void *)&tlimit);
+ if (slimit != -1)
+ ldap_set_option( lc->ld, LDAP_OPT_SIZELIMIT, (void *)&slimit);
+
+ /*
+ * Rewrite the search base, if required
+ */
+#ifdef ENABLE_REWRITE
+ switch ( rewrite_session( li->rwinfo, "searchBase",
+ base->bv_val, conn, &mbase.bv_val ) ) {
+ case REWRITE_REGEXEC_OK:
+ if ( mbase.bv_val == NULL ) {
+ mbase = *base;
+ }
+#ifdef NEW_LOGGING
+ LDAP_LOG( BACK_LDAP, DETAIL1,
+ "[rw] searchBase: \"%s\" -> \"%s\"\n",
+ base->bv_val, mbase.bv_val, 0 );
+#else /* !NEW_LOGGING */
+ Debug( LDAP_DEBUG_ARGS, "rw> searchBase: \"%s\" -> \"%s\"\n%s",
+ base->bv_val, mbase.bv_val, "" );
+#endif /* !NEW_LOGGING */
+ break;
+
+ case REWRITE_REGEXEC_UNWILLING:
+ send_ldap_result( conn, op, LDAP_UNWILLING_TO_PERFORM,
+ NULL, "Operation not allowed", NULL, NULL );
+ rc = -1;
+ goto finish;