[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sizelimit




On 04/12/2011 04:32 PM, Troy Knabe wrote:
I want to enforce a size limit to restrict normal users.  But I have a particular proxy account that I need to be able to return the entire directory.  Is there a way to set sizelimit for a particular user differently than it is set for the directory?

Thanks
-Troy

Troy, here is what I've been using to do what you want (from my slapd.conf file, haven't gone to cn=config yet). It will also allow unlimited access to anyone using page control (ie: getting 200 entries per query, but unlimited queries). Anyone else will be limited to 200 entries returned from a single search. I have this for each of the databases (I have 4 different LDAP databases for various groups). You could also have this as a global but I wanted finer control then that (some groups can have more then 200 entries, but still limited).

# Let the proxy DN and anyone using Paged
# control have unlimited searches
limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited
limits * size=200 size.pr=unlimited size.prtotal=unlimited

Should be pretty close to what you need.
Tom Leach
leach@coas.oregonstate.edu