> The notion behind lookthrough limit is that the administrator > can dermine an upper bound for the amount of WORK that > the server will perform for a given client's search. That makes sense. Does this mean if a sizelimit (not lookthrough) is hit, the server continues searching the database, even though it has already returned error code 4 to the client? Thanks for the responses, -- George David Boreham wrote: > > The notion behind lookthrough limit is that the administrator > can dermine an upper bound for the amount of WORK that > the server will perform for a given client's search. This is > basically a simple form of denial of service control. > So clients that hit the limit are not expected to receive > useful results at all. The client should say something like > 'the server didn't complete your search because you burned > too much gas'. > > I believe it is fairly common to want to set a lookthrough limit > for 'ordinary' users, but have an infinite limit for special accounts > that are expected to perform expensive searches. > > There are other ways to skin the cat, for example denying > certain users the ability to perform un-indexed searches at all. > > > Paul Engle wrote: > >> As I understand it, sizelimit determines the maximum number of >> results that are returned from the search, whereas lookthroughlimit >> determines the maximum number of things that will be searched in the >> first place. >> >> Frankly, in our setup I have lookthroughlimit set to -1 (unlimited). >> Since the order of the searching is non-deterministic, I can't fathom >> any use for it. It has to be at least as large as your largest >> searchable tree, or else there will be entries that can never be >> returned in a search. If anyone out there is using this parameter, >> can you explain how/why? >> >> -paul >> >> - --On Wednesday, March 14, 2007 12:45:49 PM -0700 George Holbert >> <gholbert at broadcom.com> wrote: >> >> >> >>> Something I've been wondering about: >>> It seems like nsslapd-lookthroughlimit and nsslapd-sizelimit >>> effectively >>> do the same thing, but just return a different error code. >>> >>> If nsslapd-lookthroughlimit is lower, the error code is 11 and the >>> error >>> message is: >>> ldap_search: Administrative limit exceeded >>> >>> If nsslapd-sizelimit is lower, the error code is 4 and the error >>> message >>> is: >>> ldap_search: Sizelimit exceeded >>> >>> I've read the description of both of these variables many times in the >>> documentation, and I think I understand the theoretical difference. >>> But >>> in practical terms, it still seems like whichever has the higher value >>> will never have an effect, since the lower limit on the other is always >>> hit first. >>> >>> Can anyone describe a practical situation where both the lookthrough >>> and >>> size limits would come into play? >>> Is there any particular reason to prefer one or the other to enforce >>> maximum search result limits? >>> >>> >>> Thank you! >>> -- George >>> >>> >>> >> >> >> >> - -- Paul D. Engle | Rice University >> Sr. Systems Administrator | Information Technology - MS119 >> (713) 348-4702 | P.O. Box 1892 >> pengle at rice.edu | Houston, TX 77251-1892
