[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h

To: Howard Chu <hyc@symas.com>
Subject: Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 29 Sep 2004 18:45:05 +0200
Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, OpenLDAP Commit <openldap-commit2devel@OpenLDAP.org>
In-reply-to: <4159DCAA.4080507@symas.com>
References: <200409280051.i8S0p0ql026988@cantor.openldap.org> <6.1.2.0.0.20040927220640.041d7d88@127.0.0.1> <4158F77A.9080209@symas.com> <HBF.20040928bu9j@bombur.uio.no> <4159D04C.50505@symas.com> <HBF.20040928sizg@bombur.uio.no> <HBF.20040928sere@bombur.uio.no> <4159DCAA.4080507@symas.com>

I should have mentioned that I don't see any problem with implementing
the suggested feature as an option, and documenting in the 'index ...'
description that substring searches can revert to presence searches.
Making it a default should probably not be done in a minor version, and
it might be best to announce the change.

Howard Chu writes:

>>> The unchecked limit would make (mail=*foo*) fail at
>>> once, while (mail=*) might narrow it down enough that the server would
>>> then trawl through a lot of entries - often only to fail to find
>>> anything.
>
> Nobody can predict whether such a search would more often fail or 
> succeed, that conclusion is unsupportable.

Checking the Statslog() output helps.

Though I notice what I said isn't quite true; I forgot to mention
one other problem:  Returning too many uninteresting entries.

> I'm somewhat opposed to 
> setting up mechanisms that prevent a user from retrieving data that 
> exists and the user is authorized to access.

Well, you'll notice one major reason for trying this is as a service to
the users:-)

As for privacy protection, whether or not some personal information is
accessible is not the only factor for whether the service which provides
that is acceptable - other factors are e.g. how easily outsiders can
retrieve a dump of the entire database, and what it is possible to
search for.

> But since refining the 
> search (with longer search strings) should allow the search to progress, 
> I guess I don't care too strongly about it.

-- 
Hallvard

References:
- Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
  - From: Howard Chu <hyc@symas.com>
- Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
  - From: Howard Chu <hyc@symas.com>
- Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: CLDAP (UDP)
Index(es):
- Chronological
- Thread