System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

Avoiding Buffer Overruns With Sun Java System Directory Server

To avoid buffer overruns, modify the Sun Java System Directory Server attributes manually or by running the idsconfig command.

  1. For example, to increase the maximum number of entries that are returned for a client search query, modify these attributes:

    dn: cn=config
    nsslapd-sizelimit: -1

  2. To increase the maximum number of entries that are verified for a client search query, modify these attributes:

    dn: cn=config, cn=ldbm database, cn=plugins, cn=config
    nsslapd-lookthroughlimit: -1

For testing purposes, you can use an attribute value of -1, which indicates no limit. When you have determined the optimum limit value, set the attribute to that value. Do not leave any of these attributes set to -1 on a production server. With no limits, the server might be vulnerable to denial-of-service attacks.
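
One way to check an exported configuration for limits that were left at -1 after testing, as an added example that is not part of the original guide. The function names and the sample LDIF (including the value 2000) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): flag search limits left at -1.

# find_unlimited [FILE...]
# Reads LDIF from the files (or stdin) and prints "<dn>|<attribute>" for each
# nsslapd-sizelimit or nsslapd-lookthroughlimit whose value is -1.
find_unlimited() {
    awk '
    # Process one complete logical line (after unfolding).
    function emit(   n, attr, val) {
        if (line == "" || line ~ /^#/) { line = ""; return }
        n = index(line, ":")
        if (n == 0) { line = ""; return }
        attr = tolower(substr(line, 1, n - 1))   # attribute names are case-insensitive
        val = substr(line, n + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (attr == "dn") dn = val
        else if (val == "-1" && (attr == "nsslapd-sizelimit" || attr == "nsslapd-lookthroughlimit"))
            print dn "|" attr
        line = ""
    }
    /^ / { line = line substr($0, 2); next }   # folded continuation line
    /^$/ { emit(); dn = ""; next }             # blank line ends the entry
    { emit(); line = $0 }
    END { emit() }
    ' "$@"
}

# Constructed sample: a finite size limit (2000 is an arbitrary value) and a
# look-through limit still at the test-only -1, with a folded dn and mixed case.
sample_ldif() {
    cat <<'EOF'
dn: cn=config
nsslapd-sizelimit: 2000

dn: cn=config,cn=ldbm database,cn=plugins,
 cn=config
NSSLAPD-LookThroughLimit: -1
EOF
}

sample_ldif | find_unlimited
```

Base64-encoded values (written with `::`) are not decoded by this check.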

If VLVs are being used, the sizelimit attribute values should be set as defined in Creating Virtual List View Indexes With Sun Java System Directory Server. If VLVs are not being used, the size limit should be set large enough to accommodate the largest container.

For more information about configuring Sun Java System Directory Server with LDAP, see Chapter 11, Setting Up Sun Java System Directory Server With LDAP Clients (Tasks).