[Date Prev][Date Next]
feature request (was: Re: Disallowing Wildcard Searches ?)
--On Samstag, 23. Februar 2002 09:20 +0000 Pierangelo Masarati
In HEAD code and in the forthcoming 2.1 alpha there's support
for granular check of the number of entries that are returned/handled;
in detail, you can set these limits based on the dn that initiated
the request (with subtree, regex and more matching clauses). The limits
can affect: the number of entries that are returned, the duration of
the operation, and (this is probably what you need) the number
of candidates that are checked (filter/acl) before returning.
By setting this limit to a reasonable value for non-authenticated
users you can obtain the filtering you need.
Would it be hard to implement limits based on the structural object class
of an entry?
We are currently considering ways to provide LDAP access to the white-pages
of the German reseach network (DFN AMBIX). To make it a bit harder for
spammers to crawl the whole directory, we need to impose some server side
limits. However, a global size limit is of little use here. While this
would effectively reduce the number of person entries to be returned, it
would also disallow browsing the DIT as container entries like l,o,ou are
affected as well. What I'd like to do, is to only limit the number of
'person' entries to be returned.
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH phone: +49 7071 29 70336
Wilhelmstr. 106 fax: +49 7071 29 5114
72074 Tübingen email: email@example.com
Germany web: http://www.daasi.de