Quanah Gibson-Mount wrote:
> --On Tuesday, April 22, 2008 5:43 AM +0200 Emmanuel Dreyfus manu@netbsd.org wrote:
>> I had a bad experience with users uploading huge pictures, causing LDAP queries in some applications to time out before getting a result,
>
> Don't let them do that.

Well, there's already the standard attribute 'jpegPhoto' in 'inetOrgPerson'. So one might want to have a picture in there of just a few kB.

> Have them store a URL to a jpeg stored elsewhere.

The caveat is that an application has to use another protocol to grab this BLOB. And access control has to be made consistent by other means when using different data sources => more integration effort.
I always considered the lack of server-side limits on the number/length of attribute values and the LDAP PDU size a serious threat.
Ciao, Michael.
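
As an added example that is not part of the original thread: one way to enforce limits on the number and length of attribute values in a provisioning layer, before an entry is written to the directory. The limit values, function names and the sample entry are assumptions made for illustration.

```python
import base64

# Assumed policy values (hypothetical, not from the thread): byte caps per
# attribute value and a cap on the number of values per attribute.
MAX_VALUE_BYTES = {"jpegphoto": 8 * 1024}
DEFAULT_MAX_VALUE_BYTES = 1024
MAX_VALUES_PER_ATTR = 10

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [bytes, ...]}, unfolding continuations."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # folded line: drop the single leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if rest.startswith("<"):  # "attr:< url": never fetch external data here
            raise ValueError("URL-valued attribute rejected: %s" % attr)
        if rest.startswith(":"):  # "attr:: <base64>" carries binary values
            value = base64.b64decode(rest[1:].strip(), validate=True)
        else:
            value = rest.strip().encode("utf-8")
        # Strip options such as ";binary" and normalise case for the lookup.
        entry.setdefault(attr.split(";")[0].lower(), []).append(value)
    return entry

def check_limits(entry):
    """Return policy violations for a parsed entry; empty list means accept."""
    problems = []
    for attr, values in entry.items():
        if len(values) > MAX_VALUES_PER_ATTR:
            problems.append("%s: %d values (max %d)" % (attr, len(values), MAX_VALUES_PER_ATTR))
        limit = MAX_VALUE_BYTES.get(attr, DEFAULT_MAX_VALUE_BYTES)
        for value in values:
            if len(value) > limit:
                problems.append("%s: %d bytes (max %d)" % (attr, len(value), limit))
    return problems

def build_sample(photo_size):
    # Constructed sample entry: a jpegPhoto of photo_size zero bytes, folded.
    b64 = base64.b64encode(b"\x00" * photo_size).decode("ascii")
    folded = "\n ".join(b64[i:i + 60] for i in range(0, len(b64), 60))
    return "dn: uid=jdoe,dc=example,dc=com\ncn: J Doe\njpegPhoto:: " + folded + "\n"
```

The size check runs on the decoded bytes, so the base64 expansion in the LDIF text does not count against the limit.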