[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: limits



On Fri, Jul 08, 2011 at 10:51:45AM -0300, Friedrich Locke wrote:

> i have setted some limits in slapd.conf:
> 
> limits dn.base="cn=ypldap,ou=appsrv,dc=ufv,dc=br" time=2048 size=16384
> limits dn.one="ou=people,dc=ufv,dc=br" time=4 size=1
> 
> But my log shows:
> 
> /etc/openldap/slapd.conf : line 80: deprecated "one" style "limits
> <pattern> <limits>" line; use "onelevel" instead.
> 
> The error message is showed only for limits definition.
> My access rules uses "one" and i get no complains in the log file, why?

"one" is allowed in ACLs but it is not allowed in limits statements
"onelevel" is allowed in either place. This is inconsistent, but the
manpage does make clear what the rules are:

limits <selector> <limit> [<limit> [...]]
  Specify time and size limits based on the operation's initiator or  base  DN.
  The argument <selector> can be any of

	 anonymous | users | [<dnspec>=]<pattern> | group[/oc[/at]]=<pattern>

  with

	 <dnspec> ::= dn[.<type>][.<style>]

	 <type>  ::= self | this

	 <style>  ::=  exact  |  base | onelevel | subtree | children | regex | anonymous

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------