[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: attribute size limit?

Quanah Gibson-Mount wrote:
--On Tuesday, April 22, 2008 5:43 AM +0200 Emmanuel Dreyfus <manu@netbsd.org> wrote:

I had a bad
experience with users uploading huge pictures, causing LDAP queries in
some applications to timeout before getting a result,

Don't let them do that.

Well, there's already the standard attribute 'jpegPhoto' in 'inetOrgPerson'. So one might want to have a picture in there of just a few kB.

> Have them store a URL to a jpeg stored
> elsewhere.

The caveat is that an application has to use another protocol to grab this BLOB. And access control has to be made consistent by other means when using different data sources => more integration effort.

I always considered the lack of server-side limits on the number/length of attribute values and the LDAP PDU size a serious threat.

Ciao, Michael.