Re: sizelimit



Tom Leach wrote:

On 04/12/2011 04:32 PM, Troy Knabe wrote:
I want to enforce a size limit to restrict normal users.  But I have a particular proxy account that I need to be able to return the entire directory.  Is there a way to set sizelimit for a particular user differently than it is set for the directory?

Thanks
-Troy

Troy, here is what I've been using to do what you want (from my
slapd.conf file, haven't gone to cn=config yet).  It will also allow
unlimited access to anyone using page control (i.e., getting 200 entries
per query, but unlimited queries).  Anyone else will be limited to 200
entries returned from a single search.
I have this for each of the databases (I have 4 different LDAP databases
for various groups).  You could also have this as a global but I wanted
finer control than that (some groups can have more than 200 entries, but
still limited).

# Let the proxy DN and anyone using Paged
# control have unlimited searches
limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited
limits * size=200 size.pr=unlimited size.prtotal=unlimited

Should be pretty close to what you need.
Tom Leach
leach@coas.oregonstate.edu

Nice example, but have you given him a fish, or taught him how to fish?

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
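
A small model of how the two limits directives quoted above resolve for a given bind DN, added here as an example; it is not code from the thread or from OpenLDAP. It assumes the semantics documented in slapd.conf(5): the first matching directive applies, and a search using the paged results control is capped by size.prtotal, which defaults to the hard size limit. The uid=troy DN used to exercise it and the CAPPED_CONF variant are constructed.

```python
import shlex

UNLIMITED = float("inf")

# The two directives from the message above, verbatim.
PAGE_CONF = '''
limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited
limits * size=200 size.pr=unlimited size.prtotal=unlimited
'''
# Constructed variant (not from the thread): no size.prtotal override for "*".
CAPPED_CONF = '''
limits dn.exact="cn=proxy,o=example.com" size=unlimited time=unlimited
limits * size=200
'''

def parse_limits(conf_text):
    """Return the 'limits' directives as an ordered list of (selector, {key: value})."""
    rules = []
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if tokens and tokens[0] == "limits":
            pairs = (tok.partition("=")[::2] for tok in tokens[2:])
            rules.append((tokens[1], {k: _value(v) for k, v in pairs}))
    return rules

def _value(text):
    if text == "unlimited":
        return UNLIMITED
    return int(text) if text.isdigit() else text  # keywords such as "disabled" stay text

def _norm(dn):
    # Simplified DN comparison (assumption): case-insensitive, spaces around commas ignored.
    return ",".join(part.strip().lower() for part in dn.split(","))

def _matches(selector, bind_dn):
    if selector == "*":
        return True
    if selector.startswith("dn.exact="):
        return _norm(selector[len("dn.exact="):]) == _norm(bind_dn)
    raise ValueError("selector not modelled: " + selector)

def max_entries(rules, bind_dn, paged):
    """Most entries one search can return for bind_dn; None means no rule matched."""
    for selector, lim in rules:          # first matching directive wins
        if _matches(selector, bind_dn):
            soft = lim["size"]           # plain size=N sets soft and hard alike
            if not paged:
                return soft
            total = lim.get("size.prtotal", soft)  # default: the hard limit
            return 0 if total == "disabled" else total
    return None                          # slapd would fall back to the global sizelimit
```

With PAGE_CONF an ordinary bind DN is held to 200 entries only on non-paged searches; with CAPPED_CONF the same cap also applies to the total returned across pages, while the proxy DN stays unlimited in both.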