Unknown features:
- Per user resource limits (sizelimit, timelimit, idletimeout, etc).
I
think Howard Chu said OpenLDAP has some of this, but I haven't seen
any
reference to it or how to use it in the docs (does this functionality exist, and if so, is there any documentation?)
man slapd.conf, see the "limits" command
Doh (smacks head). That was too obvious, so of course I missed it... :)
OK, Sun allows you to set the following per user limit: - Time limit (how much time an operation can take) - Size limit (max # of entries a search can return) - Lookthru limit (max number of entries that will be looked at in a search, even if max # entries have not been found) - Idle timeout (max time a connection bound as this user can be idle before closing)
Looks like OpenLDAP can do the time limit, size limit (size.soft/size.hard) and the lookthru limit (size.unchecked), but can't do idle timeout (which of course is the one I use... :-/ )
The ones that are really problematic are the lack of:
- RFC 2891 (server side sorting)
Why is this problematic? Server side sorting is a horrible waste of
server
CPU that's better served by the client doing sorting how it wants.
--Quanah
Because of existing usage. Unfortunately, we have applications that use and depend on it (and I think the VLV mechanism depends on it as well - it requires that the result set be sorted, in any case). Breaking all those apps would be a hard sell.
Also, if you are doing simple paged results (which OpenLDAP does support), the point is that the client may not have the resources to handle all matching results at one time, so getting them back in (some form of) sorted order is useful.
- Jeff