[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Setting limits on an ou, only

Quanah Gibson-Mount wrote:
Sure, I can use that to set a limit for a user but this application needs
to bind anonymously (or the equivalent of anonymous, since the
credentials would have to be public).

I couldn't find anything in the limits directive that would let me
specify a part of the directory to set the limit on. Something like:
When searching the directory, return only 1 result.
Unless searching ou=people, then return all results.
There's no such possibility, since it makes little sense. The only solution I see, since limits are per-database, consists in putting that subtree into a separate database, and glue it together to the rest using the "subordinate" directive. As an alternative, I suggest you use the limits as defined in slapd.conf(5); in that case, your application needs to bind. If your concern is about security, then don't give other privileges to that identity except the possibility to overcome the default limits.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it