Tom Leach wrote:
On 04/12/2011 04:32 PM, Troy Knabe wrote:
> I want to enforce a size limit to restrict normal users. But I have a particular
proxy account that I need to be able to return the entire directory. Is there a way to
set sizelimit for a particular user differently than it is set for the directory?
Troy, here is what I've been using to do what you want (from my
slapd.conf file, haven't gone to cn=config yet). It will also allow
unlimited access to anyone using page control (ie: getting 200 entries
per query, but unlimited queries). Anyone else will be limited to 200
entries returned from a single search.
I have this for each of the databases (I have 4 different LDAP databases
for various groups). You could also have this as a global but I wanted
finer control then that (some groups can have more then 200 entries, but
# Let the proxy DN and anyone using Paged
# control have unlimited searches
limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited
limits * size=200 size.pr=unlimited size.prtotal=unlimited
Should be pretty close to what you need.
Nice example, but have you given him a fish, or taught him how to fish?
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/