The notion behind lookthrough limit is that the administrator
can dermine an upper bound for the amount of WORK that
the server will perform for a given client's search.
That makes sense.
Does this mean if a sizelimit (not lookthrough) is hit, the server
continues searching the database, even though it has already returned
error code 4 to the client?
Thanks for the responses,
-- George
David Boreham wrote:
The notion behind lookthrough limit is that the administrator
can dermine an upper bound for the amount of WORK that
the server will perform for a given client's search. This is
basically a simple form of denial of service control.
So clients that hit the limit are not expected to receive
useful results at all. The client should say something like
'the server didn't complete your search because you burned
too much gas'.
I believe it is fairly common to want to set a lookthrough limit
for 'ordinary' users, but have an infinite limit for special accounts
that are expected to perform expensive searches.
There are other ways to skin the cat, for example denying
certain users the ability to perform un-indexed searches at all.
Paul Engle wrote:
As I understand it, sizelimit determines the maximum number of
results that are returned from the search, whereas lookthroughlimit
determines the maximum number of things that will be searched in the
first place.
Frankly, in our setup I have lookthroughlimit set to -1 (unlimited).
Since the order of the searching is non-deterministic, I can't fathom
any use for it. It has to be at least as large as your largest
searchable tree, or else there will be entries that can never be
returned in a search. If anyone out there is using this parameter,
can you explain how/why?
-paul
- --On Wednesday, March 14, 2007 12:45:49 PM -0700 George Holbert
<gholbert@xxxxxxxxxxxx> wrote:
Something I've been wondering about:
It seems like nsslapd-lookthroughlimit and nsslapd-sizelimit
effectively
do the same thing, but just return a different error code.
If nsslapd-lookthroughlimit is lower, the error code is 11 and the
error
message is:
ldap_search: Administrative limit exceeded
If nsslapd-sizelimit is lower, the error code is 4 and the error
message
is:
ldap_search: Sizelimit exceeded
I've read the description of both of these variables many times in the
documentation, and I think I understand the theoretical difference.
But
in practical terms, it still seems like whichever has the higher value
will never have an effect, since the lower limit on the other is always
hit first.
Can anyone describe a practical situation where both the lookthrough
and
size limits would come into play?
Is there any particular reason to prefer one or the other to enforce
maximum search result limits?
Thank you!
-- George
- -- Paul D. Engle | Rice University
Sr. Systems Administrator | Information Technology - MS119
(713) 348-4702 | P.O. Box 1892
pengle@xxxxxxxx | Houston, TX 77251-1892
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users