[Date Prev][Date Next] [Chronological] [Thread] [Top]

Limits on anonymous binds

To: <openldap-devel@OpenLDAP.org>
Subject: Limits on anonymous binds
From: Mark Adamson <adamson@andrew.cmu.edu>
Date: Wed, 21 Nov 2001 12:15:10 -0500 (EST)

I was just speaking briefly with Pierangelo Masarati about how to set
search limits on anonymous binds to slapd. The topic seems to have never
been resolved, so I'd like to reopen it with a suggestion.  Our mail
clients here at CMU like to bind anonymously to the LDAP server and do
expansive searches like "cn=*rs*", which can take forever since the
substring is shorter than the min substring length.

I'd just like to be able to define a way to set limits in slapd, without
touching on anything like what string should be applied as the DN of an
anonymous bind (e.g. cn=anonymous).  I'd like for the slapd.conf file to
have one of the following two possibilities:

limits dn.exact=anonymous <limit>

  -or-

limits dn.anonymous  <limit>


Then if anyone connects and binds anonymously, these limits would apply
instead of the default limits. get_limits() would still receive the
parameter  ndn=NULL or ndn="".  It's not much coding in limits.c, I'd just
to get a feel for what people think of the syntax.

-Mark Adamson
 Carnegie Mellon

Follow-Ups:
- Re: Limits on anonymous binds
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: Re: Substring searches
Next by Date: Re: Limits on anonymous binds
Index(es):
- Chronological
- Thread