[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c slap.h

I should have mentioned that I don't see any problem with implementing
the suggested feature as an option, and documenting in the 'index ...'
description that substring searches can revert to presence searches.
Making it a default should probably not be done in a minor version, and
it might be best to announce the change.

Howard Chu writes:

>>> The unchecked limit would make (mail=*foo*) fail at
>>> once, while (mail=*) might narrow it down enough that the server would
>>> then trawl through a lot of entries - often only to fail to find
>>> anything.
> Nobody can predict whether such a search would more often fail or 
> succeed, that conclusion is unsupportable.

Checking the Statslog() output helps.

Though I notice what I said isn't quite true; I forgot to mention
one other problem:  Returning too many uninteresting entries.

> I'm somewhat opposed to 
> setting up mechanisms that prevent a user from retrieving data that 
> exists and the user is authorized to access.

Well, you'll notice one major reason for trying this is as a service to
the users:-)

As for privacy protection, whether or not some personal information is
accessible is not the only factor for whether the service which provides
that is acceptable - other factors are e.g. how easily outsiders can
retrieve a dump of the entire database, and what it is possible to
search for.

> But since refining the 
> search (with longer search strings) should allow the search to progress, 
> I guess I don't care too strongly about it.