[Date Prev][Date Next]
Re: query result size limit by ip
The better way would be to change limits.c...we've seen a few requests for
this over time...
Your workaround sounds plausible. I'd consider using a back-ldap on the
limited server that proxies to the unlimited server.
The sizelimit directive is marked ARG_MAY_DB. So one workaround that may
or may not work for your situation (or at all, this is off the top of my
access to * by peername.ip="220.127.116.11" read
access to * by * read
and then you could configure different suffix for different limits, but
serve "the same" data. back-relay should be lighter than two slapd with
On Thu, 12 Jun 2008, Bill MacAllister wrote:
We have an application that can only bind to the directory anonymously and
needs to be able to exceed our query size limit. The queries will come from
a small set of IP addresses. What we want to do is to set the query size
limit by source ip address.
One way that I can see to do this is to run two slapd servers with different
-h switches specified on the slapd startup so that each server will bind to a
different interface:port. Then we can restrict access to the
unlimited-size-query server using ip tables. What would be really nice is if
the two configurations could specify the same backend databases. Has anyone
done this? Should this work? Is there a better way to do this?
Bill MacAllister <firstname.lastname@example.org>
Systems Programmer, ITS Unix Systems, Stanford University