7.3. Setting Resource Limits Based on the Bind DN

7.3. Setting Resource Limits Based on the Bind DN

Server limits for search operations are controlled using special operational attribute values on the client application binding to the directory. You can set the following search operation limits:

The resource limits set for the client application take precedence over the default resource limits set for in the global server configuration.

NOTE

The Directory Manager receives unlimited resources by default.

7.3.1. Setting Resource Limits Using the Console

The following procedure describes setting resource limits for a user or a role using the Directory Server Console:

  1. Select the Directory tab.

  2. Browse the navigation tree in the left navigation pane, and double-click the user or role for which to set resource limits.

    The Edit Entry dialog box appears.

  3. Click Account in the left pane. The right pane contains the four limits that can be set in the Resource Limits section.

    Entering a value of -1 indicates no limit.

  4. Click OK.

7.3.2. Setting Resource Limits Using the Command-Line

The following operational attributes can be set for each entry using the command-line. Use ldapmodify to add the following attributes to the entry:

Attribute Description
nsLookThroughLimit Specifies how many entries are examined for a search operation. Giving this attribute a value of -1 indicates that there is no limit.
nsSizeLimit Specifies the maximum number of entries the server returns to a client application in response to a search operation. Giving this attribute a value of -1 indicates that there is no limit.
nsTimeLimit Specifies the maximum time the server spends processing a search operation. Giving this attribute a value of -1 indicates that there is no time limit.
nsIdleTimeout Specifies the time a connection to the server can be idle before the connection is dropped. The value is given in seconds. Giving this attribute a value of -1 indicates that there is no limit.

For example, this sets the size limit for Barbara Jensen by using ldapmodify[6] to modify her entry: 

ldapmodify -h myserver -p 389 -D "cn=directory manager" -w secretpwd

dn: uid=bjensen,ou=people,dc=example,dc=com
changetype: modify
add:nsSizeLimit
nsSizeLimit: 500

The ldapmodify statement adds the nsSizeLimit attribute to Babs Jensen's entry and gives it a search return size limit of 500 entries.


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.