Bugzilla – Bug 329
SUDO with LDAP has issues on AIX talking to OpenLDAP (on Solaris)
Last modified: 2009-04-17 11:36:04 MDT
A sudo compiled on AIX 5.3, using the native LDAP libraries, is giving me errors (and no results) when talking to OpenLDAP. Example log entries from OpenLDAP below:

Jan 27 17:11:49 hostname slapd[8725]: [ID 848112 local4.debug] conn=454 fd=38 ACCEPT from IP=192.168.200.86:36856 (IP=0.0.0.0:389)
Jan 27 17:11:49 hostname slapd[8725]: [ID 215403 local4.debug] conn=454 op=0 BIND dn="cn=sudoagent,ou=profile,dc=domain,dc=tld" method=128
Jan 27 17:11:49 hostname slapd[8725]: [ID 600343 local4.debug] conn=454 op=0 BIND dn="cn=sudoagent,ou=profile,dc=domain,dc=tld" mech=SIMPLE ssf=0
Jan 27 17:11:49 hostname slapd[8725]: [ID 588225 local4.debug] conn=454 op=0 RESULT tag=97 err=0 text=
Jan 27 17:11:49 hostname slapd[8725]: [ID 832699 local4.debug] conn=454 op=1 SEARCH RESULT tag=101 err=2 nentries=0 text=invalid size limit
Jan 27 17:11:49 hostname slapd[8725]: [ID 832699 local4.debug] conn=454 op=2 SEARCH RESULT tag=101 err=2 nentries=0 text=invalid size limit
Jan 27 17:11:49 hostname slapd[8725]: [ID 832699 local4.debug] conn=454 op=3 SEARCH RESULT tag=101 err=2 nentries=0 text=invalid size limit

I've traced the issue to calls to: ldap_search_ext_s

The sizelimit argument to this call is set to '-1'. According to the LDAP manual pages I've seen, this should be set to '0' for specifying no client limits. When I change the 6 calls in ldap.c to use '0' for this argument, everything works like a charm.

I have not yet tested this same change on Solaris and Linux, but I assume this shouldn't have any impact. Please consider changing this in the next release.
I've committed the indicated change to cvs, thanks.
*** Bug 346 has been marked as a duplicate of this bug. ***
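To find which clients and bind DNs are affected by the rejected searches shown in the report, the slapd log can be correlated by connection number. The following is an added example, not code from sudo or from this bug report; the function name is hypothetical, and the sample log is constructed from the lines quoted above plus one made-up healthy connection (conn=455).

```python
import re
from collections import defaultdict

# Constructed sample: conn=454 follows the report; conn=455 is invented for contrast.
SAMPLE_LOG = """\
Jan 27 17:11:49 hostname slapd[8725]: [ID 848112 local4.debug] conn=454 fd=38 ACCEPT from IP=192.168.200.86:36856 (IP=0.0.0.0:389)
Jan 27 17:11:49 hostname slapd[8725]: [ID 215403 local4.debug] conn=454 op=0 BIND dn="cn=sudoagent,ou=profile,dc=domain,dc=tld" method=128
Jan 27 17:11:49 hostname slapd[8725]: [ID 588225 local4.debug] conn=454 op=0 RESULT tag=97 err=0 text=
Jan 27 17:11:49 hostname slapd[8725]: [ID 832699 local4.debug] conn=454 op=1 SEARCH RESULT tag=101 err=2 nentries=0 text=invalid size limit
Jan 27 17:11:49 hostname slapd[8725]: [ID 832699 local4.debug] conn=454 op=2 SEARCH RESULT tag=101 err=2 nentries=0 text=invalid size limit
Jan 27 17:11:50 hostname slapd[8725]: [ID 848112 local4.debug] conn=455 fd=39 ACCEPT from IP=192.168.200.90:40112 (IP=0.0.0.0:389)
Jan 27 17:11:50 hostname slapd[8725]: [ID 215403 local4.debug] conn=455 op=0 BIND dn="cn=other,ou=profile,dc=domain,dc=tld" method=128
Jan 27 17:11:50 hostname slapd[8725]: [ID 832699 local4.debug] conn=455 op=1 SEARCH RESULT tag=101 err=0 nentries=3 text=
"""

CONN = re.compile(r"\bconn=(\d+)\b")
ACCEPT = re.compile(r"ACCEPT from IP=([^\s:]+):\d+")
BIND = re.compile(r'BIND dn="([^"]*)"')
SEARCH = re.compile(r"SEARCH RESULT tag=101 err=(\d+) nentries=\d+ text=(.*)$")


def rejected_searches(log_text):
    """Return {conn: {"client", "bind_dn", "failures": [(err, text), ...]}}
    for every connection with at least one search answered with err != 0."""
    conns = defaultdict(lambda: {"client": None, "bind_dn": None, "failures": []})
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # not a per-connection slapd line
        info = conns[int(m.group(1))]
        if (a := ACCEPT.search(line)):
            info["client"] = a.group(1)
        elif (b := BIND.search(line)):
            info["bind_dn"] = b.group(1)
        elif (s := SEARCH.search(line)) and s.group(1) != "0":
            # err=2 is LDAP protocolError, the code slapd logs for the bad size limit
            info["failures"].append((int(s.group(1)), s.group(2).strip()))
    return {c: i for c, i in conns.items() if i["failures"]}


if __name__ == "__main__":
    for conn, info in rejected_searches(SAMPLE_LOG).items():
        print(conn, info["client"], info["bind_dn"], info["failures"])
```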