[Date Prev][Date Next] [Chronological] [Thread] [Top]

feature request (was: Re: Disallowing Wildcard Searches ?)

Hi Pierangelo,

--On Samstag, 23. Februar 2002 09:20 +0000 Pierangelo Masarati <masarati@aero.polimi.it> wrote:

In HEAD code and in the forthcoming 2.1 alpha there's support
for granular check of the number of entries that are returned/handled;
in detail, you can set these limits based on the dn that initiated
the request (with subtree, regex and more matching clauses). The limits
can affect: the number of entries that are returned, the duration of
the operation, and (this is probably what you need) the number
of candidates that are checked (filter/acl) before returning.
By setting this limit to a reasonable value for non-authenticated
users you can obtain the filtering you need.

Would it be hard to implement limits based on the structural object class of an entry?
We are currently considering ways to provide LDAP access to the white-pages of the German reseach network (DFN AMBIX). To make it a bit harder for spammers to crawl the whole directory, we need to impose some server side limits. However, a global size limit is of little use here. While this would effectively reduce the number of person entries to be returned, it would also disallow browsing the DIT as container entries like l,o,ou are affected as well. What I'd like to do, is to only limit the number of 'person' entries to be returned.

Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de