--On Samstag, 23. Februar 2002 09:20 +0000 Pierangelo Masarati <email@example.com> wrote:
In HEAD code and in the forthcoming 2.1 alpha there's support for granular check of the number of entries that are returned/handled; in detail, you can set these limits based on the dn that initiated the request (with subtree, regex and more matching clauses). The limits can affect: the number of entries that are returned, the duration of the operation, and (this is probably what you need) the number of candidates that are checked (filter/acl) before returning. By setting this limit to a reasonable value for non-authenticated users you can obtain the filtering you need.
Would it be hard to implement limits based on the structural object class of an entry?
We are currently considering ways to provide LDAP access to the white-pages of the German reseach network (DFN AMBIX). To make it a bit harder for spammers to crawl the whole directory, we need to impose some server side limits. However, a global size limit is of little use here. While this would effectively reduce the number of person entries to be returned, it would also disallow browsing the DIT as container entries like l,o,ou are affected as well. What I'd like to do, is to only limit the number of 'person' entries to be returned.