[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h
I should have mentioned that I don't see any problem with implementing
the suggested feature as an option, and documenting in the 'index ...'
description that substring searches can revert to presence searches.
Making it a default should probably not be done in a minor version, and
it might be best to announce the change.
Howard Chu writes:
>>> The unchecked limit would make (mail=*foo*) fail at
>>> once, while (mail=*) might narrow it down enough that the server would
>>> then trawl through a lot of entries - often only to fail to find
>>> anything.
>
> Nobody can predict whether such a search would more often fail or
> succeed, that conclusion is unsupportable.
Checking the Statslog() output helps.
Though I notice what I said isn't quite true; I forgot to mention
one other problem: Returning too many uninteresting entries.
> I'm somewhat opposed to
> setting up mechanisms that prevent a user from retrieving data that
> exists and the user is authorized to access.
Well, you'll notice one major reason for trying this is as a service to
the users:-)
As for privacy protection, whether or not some personal information is
accessible is not the only factor for whether the service which provides
that is acceptable - other factors are e.g. how easily outsiders can
retrieve a dump of the entire database, and what it is possible to
search for.
> But since refining the
> search (with longer search strings) should allow the search to progress,
> I guess I don't care too strongly about it.
--
Hallvard