feature request (was: Re: Disallowing Wildcard Searches ?)

[Norbert Klasen <norbert.klasen@daasi.de>]

Hi Pierangelo,

--On Samstag, 23. Februar 2002 09:20 +0000 Pierangelo Masarati 
<masarati@aero.polimi.it> wrote:

> In HEAD code and in the forthcoming 2.1 alpha there's support
> for granular check of the number of entries that are returned/handled;
> in detail, you can set these limits based on the dn that initiated
> the request (with subtree, regex and more matching clauses). The limits
> can affect: the number of entries that are returned, the duration of
> the operation, and (this is probably what you need) the number
> of candidates that are checked (filter/acl) before returning.
> By setting this limit to a reasonable value for non-authenticated
> users you can obtain the filtering you need.

Would it be hard to implement limits based on the structural object class 
of an entry?
We are currently considering ways to provide LDAP access to the white-pages 
of the German reseach network (DFN AMBIX). To make it a bit harder for 
spammers to crawl the whole directory, we need to impose some server side 
limits. However, a global size limit is of little use here. While this 
would effectively reduce the number of person entries to be returned, it 
would also disallow browsing the DIT as container entries like l,o,ou are 
affected as well. What I'd like to do, is to only limit the number of 
'person' entries to be returned.

--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de