I want to enforce a size limit to restrict normal users. But I have a particular proxy account that I need to be able to return the entire directory. Is there a way to set sizelimit for a particular user differently than it is set for the directory?
Thanks -Troy
On 04/12/2011 04:32 PM, Troy Knabe wrote:
I want to enforce a size limit to restrict normal users. But I have a particular proxy account that I need to be able to return the entire directory. Is there a way to set sizelimit for a particular user differently than it is set for the directory?
Thanks -Troy
Troy, here is what I've been using to do what you want (from my slapd.conf file, haven't gone to cn=config yet). It will also allow unlimited access to anyone using page control (ie: getting 200 entries per query, but unlimited queries). Anyone else will be limited to 200 entries returned from a single search. I have this for each of the databases (I have 4 different LDAP databases for various groups). You could also have this as a global but I wanted finer control then that (some groups can have more then 200 entries, but still limited).
# Let the proxy DN and anyone using Paged # control have unlimited searches limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited limits * size=200 size.pr=unlimited size.prtotal=unlimited
Should be pretty close to what you need. Tom Leach leach@coas.oregonstate.edu
Looks like exactly what I need. Thanks!!!
~Troy Sent from my Mobile Device
On Apr 12, 2011, at 4:37 PM, Tom Leach leach@coas.oregonstate.edu wrote:
On 04/12/2011 04:32 PM, Troy Knabe wrote:
I want to enforce a size limit to restrict normal users. But I have a particular proxy account that I need to be able to return the entire directory. Is there a way to set sizelimit for a particular user differently than it is set for the directory? Thanks -Troy
Troy, here is what I've been using to do what you want (from my slapd.conf file, haven't gone to cn=config yet). It will also allow unlimited access to anyone using page control (ie: getting 200 entries per query, but unlimited queries). Anyone else will be limited to 200 entries returned from a single search. I have this for each of the databases (I have 4 different LDAP databases for various groups). You could also have this as a global but I wanted finer control then that (some groups can have more then 200 entries, but still limited).
# Let the proxy DN and anyone using Paged # control have unlimited searches limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited limits * size=200 size.pr=unlimited size.prtotal=unlimited
Should be pretty close to what you need. Tom Leach leach@coas.oregonstate.edu
Tom Leach wrote:
On 04/12/2011 04:32 PM, Troy Knabe wrote:
I want to enforce a size limit to restrict normal users. But I have a particular proxy account that I need to be able to return the entire directory. Is there a way to set sizelimit for a particular user differently than it is set for the directory?
Thanks -Troy
Troy, here is what I've been using to do what you want (from my slapd.conf file, haven't gone to cn=config yet). It will also allow unlimited access to anyone using page control (ie: getting 200 entries per query, but unlimited queries). Anyone else will be limited to 200 entries returned from a single search. I have this for each of the databases (I have 4 different LDAP databases for various groups). You could also have this as a global but I wanted finer control then that (some groups can have more then 200 entries, but still limited).
# Let the proxy DN and anyone using Paged # control have unlimited searches limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited limits * size=200 size.pr=unlimited size.prtotal=unlimited
Should be pretty close to what you need. Tom Leach leach@coas.oregonstate.edu
Nice example, but have you given him a fish, or taught him how to fish?
openldap-technical@openldap.org