The notion behind lookthrough limit is that the administrator can dermine an upper bound for the amount of WORK that the server will perform for a given client's search. This is basically a simple form of denial of service control. So clients that hit the limit are not expected to receive useful results at all. The client should say something like 'the server didn't complete your search because you burned too much gas'. I believe it is fairly common to want to set a lookthrough limit for 'ordinary' users, but have an infinite limit for special accounts that are expected to perform expensive searches. There are other ways to skin the cat, for example denying certain users the ability to perform un-indexed searches at all. Paul Engle wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > >As I understand it, sizelimit determines the maximum number of results that >are returned from the search, whereas lookthroughlimit determines the >maximum number of things that will be searched in the first place. > >Frankly, in our setup I have lookthroughlimit set to -1 (unlimited). Since >the order of the searching is non-deterministic, I can't fathom any use for >it. It has to be at least as large as your largest searchable tree, or else >there will be entries that can never be returned in a search. If anyone out >there is using this parameter, can you explain how/why? > > -paul > >- --On Wednesday, March 14, 2007 12:45:49 PM -0700 George Holbert ><gholbert at broadcom.com> wrote: > > > >>Something I've been wondering about: >>It seems like nsslapd-lookthroughlimit and nsslapd-sizelimit effectively >>do the same thing, but just return a different error code. >> >>If nsslapd-lookthroughlimit is lower, the error code is 11 and the error >>message is: >>ldap_search: Administrative limit exceeded >> >>If nsslapd-sizelimit is lower, the error code is 4 and the error message >>is: >>ldap_search: Sizelimit exceeded >> >>I've read the description of both of these variables many times in the >>documentation, and I think I understand the theoretical difference. But >>in practical terms, it still seems like whichever has the higher value >>will never have an effect, since the lower limit on the other is always >>hit first. >> >>Can anyone describe a practical situation where both the lookthrough and >>size limits would come into play? >>Is there any particular reason to prefer one or the other to enforce >>maximum search result limits? >> >> >>Thank you! >>-- George >> >> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > > > >- -- >Paul D. Engle | Rice University >Sr. Systems Administrator | Information Technology - MS119 >(713) 348-4702 | P.O. Box 1892 >pengle at rice.edu | Houston, TX 77251-1892 >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.6 (GNU/Linux) > >iD8DBQFF+FadCpkISWtyHNsRAuUVAKC3jFoDbyrl9ut37XhwySrBMX4MOQCcCton >eggDv1KLhHc1Y8dctEjZIq4= >=XnpW >-----END PGP SIGNATURE----- > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > >