[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Regex-based per op_ndn time/size limits

To: Pierangelo Masarati <pmasarati@bci.it>
Subject: Re: Regex-based per op_ndn time/size limits
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 31 Jul 2001 11:48:02 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <3B66EAC7.9A7B405C@bci.it>
References: <200107280934.f6S9Y9R12713@server.aero.polimi.it>

At 10:28 AM 7/31/2001, Pierangelo Masarati wrote:
>I'd also like to implement generic rules on operations;
>i think I saw a post a long time ago about something
>like this: control some operations (say search 
>filters or so) based on op_ndn. For instance, I need 
>to deny searches with wildcards to anonymous or
>unprivileged users, or to allow wildcards only within
>indexed attributes. This should be implemented at the
>backend side.

yes.   What I suggest is adding a "to be checked"
limit.  That is, if the indexing system (commonly due
to lack of appropriate indexes) returns too long of a
list, then the search immediately (without checking or
returning any entry) completes with unwillingToPerform.

I note for time/size (and other) limits, separate
soft and hard limits would be nice.  That is, if
the size limits were 500 soft, 1000, hard, the limit
would be limited to 500 entries unless they request
a specific limit.  If that limit exceeds the hard
limit, unwillingToPerform would be immediately
returned.

>Is anybody aware of rfcs or i-drafts
>on the subject?

no.

>Pierangelo.
>
>-- 
>Dr. Pierangelo Masarati    mailto:ando@sys-net.it
>Developer, SysNet s.n.c.   http://www.sys-net.it

References:
- Regex-based per op_ndn time/size limits
  - From: Pierangelo Masarati <masarati@aero.polimi.it>
- Re: Regex-based per op_ndn time/size limits
  - From: Pierangelo Masarati <pmasarati@bci.it>

Prev by Date: Re: ldap_sasl_interactive_bind_s: Unknown authentication method
Next by Date: PERLDAP Bind problem
Index(es):
- Chronological
- Thread