Submission from: (NULL) (22.214.171.124)
In the control returned to the client, the
size MAY be set to the server's estimate of the total number of
entries in the entire result set.
So a client could evaluate this size value whether it's greater than 0 and take
this as indication how many search results would be returned (and e.g. display
it to the user).
slapd doesn't know in advance how many results can be returned. It knows
how many potential candidates were generated by index lookups, but this
number may be much larger than the actual result set. In particular, the
result set may be much smaller due to ACLs, as well as actual filter
comparisons. It would be a security violation to disclose the existence
of entries that the user is not permitted to see.
Rejecting this request.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/