[389-users] bypassing limits for persistent search and specific user
Rich Megginson
rmeggins at redhat.com
Wed Mar 14 15:46:31 UTC 2012
On 03/14/2012 07:42 AM, Petr Spacek wrote:
> Hello,
>
> On 03/14/2012 12:16 AM, Nathan Kinder wrote:
>> On 03/13/2012 04:09 PM, Petr Spacek wrote:
>>> Hello list,
>>>
>>> I'm looking for way how to bypass nsslapd-sizelimit and
>>> nsslapd-timelimit for persistent search made by specific user (or
>>> anything made by that user).
>
> ... snip ...
>
> On 03/14/2012 12:16 AM, Nathan Kinder wrote:
>> On 03/13/2012 04:09 PM, Petr Spacek wrote:
>>> It's possible to bypass limits for this connection/user
>> I think setting the limits based on your bind DN should work.
>
> I did some testing and converged to this setting:
> nsIdleTimeout, nsLookThroughLimit, nsSizeLimit, nsTimeLimit set to -1,
> so limits are disabled for specific user.
>
> Is there any potential problem with this, if user is trusted? (It's
> LDAP server <-> DNS server "pipe".)
> Are there some limits which should not be bypassed? :-)
If you trust the user/application, then this should be fine.
>
> Expected use case has 1 LDAP to 1 DNS ratio.
>
>
> Thanks for your time.
>
>
> Petr^2 Spacek
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list