[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Regex-based per op_ndn time/size limits
- To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Subject: Re: Regex-based per op_ndn time/size limits
- From: Pierangelo Masarati <masarati@aero.polimi.it>
- Date: Wed, 01 Aug 2001 10:32:38 +0200
- Cc: openldap-devel@OpenLDAP.org
- Organization: Dipartimento di Ingegneria Aerospaziale
- References: <200107280934.f6S9Y9R12713@server.aero.polimi.it> <5.1.0.14.0.20010731114236.00b0e528@127.0.0.1>
"Kurt D. Zeilenga" wrote:
> yes. What I suggest is adding a "to be checked"
> limit. That is, if the indexing system (commonly due
> to lack of appropriate indexes) returns too long of a
> list, then the search immediately (without checking or
> returning any entry) completes with unwillingToPerform.
>
> I note for time/size (and other) limits, separate
> soft and hard limits would be nice. That is, if
> the size limits were 500 soft, 1000, hard, the limit
> would be limited to 500 entries unless they request
> a specific limit. If that limit exceeds the hard
> limit, unwillingToPerform would be immediately
> returned.
I submitted a change in this direction. Now the limits
(global, per backend and per op_ndn) are:
- soft: if no limit is requested, this is used as in the
original slapd.
- hard: if this is set (default is not), if a limit is
requested and it is larger that the hard limit, the
search retursn unwillingToPerform; if it is 0
(the default) the original behavior results,
that is the soft limit is silently used instead of the
required one; if it is set to -1, no hard limit is enforced,
and the requested limit is honored.
These two apply both to time and size.
- unchecked: if this is set (default is not), if the number
of candidates exceedes the limit, unwillingToPerform
is issued.
These facilities, coupled to the per op_ndn limit selection,
shoul help in tailoring installations in case of heavy load:
the to-be-checked feature drops malformed searches on
badly indexed attribs, the hard limit feature drops malformed
searches expecting too many results; the per op_ndn allows
authenticated people to do heavy duty work under strict
administrative control.
I did my best to preserve the original behavior and
backwards compatible syntax. If one uses
sizelimit <integer>
timelimit <integer>
the traditional behavior is preserved (please notify any
inconvenience!). The new behavior is obtained by using
timelimit time[.{soft|hard}]=<integer>
sizelimit size[.{soft|hard|unchecked}]=<integer>
the per op_ndn behavior is obtained by using (inside
a backend):
limits [dn[.{regex|exact}]=]<dn pattern> <limit> [...]
with <dn pattern> represented by a dn in case of "exact"
match and a case-insensitive, extended regex pattern
in case of "regex" match (the default), <and <limit>:
time[.{soft|hard}]=<integer>
size[.{soft|hard|unchecked}]=<integer>
Enjoy!
Pierangelo.
--
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy |
http://www.aero.polimi.it/~masarati