[EMAIL PROTECTED] wrote: > On Oct 19, 7:32 pm, Rich Megginson <[EMAIL PROTECTED]> wrote: >> [EMAIL PROTECTED] wrote: >>> Hi, >>> I have created a test client program using LDAP C SDK 5.12, to >>> retrieve data from iPlanet Directory Server 5.1. >>> I am using asynchronous function call ldap_search_ext with NULL >>> timeout and 0 sizelimit. In continuation I am trying to get results >>> using ldap_result with LDAP_MSG_ALL keeping various values of timeout. >>> I was getting error "sizelimit exceeded" for search result more tan >>> 2000. After setting nsslapd-sizelimit to a larger value I am able to >>> retrieve 5000 entries accompanied by error "Administrative limit >>> exceeded". >>> Please let me know underlying reason for it. If there is any >>> configuration parameter to be set to a higher value? >> You'll have to either bind to the directory server as directory manager, >> or increase the server's lookthrough limit. >> >> >> >>> Also when I set timelimit to some finite value less than time required >>> to fetch all results for any query, what will be the response of >>> ldap_result with parameter LDAP_MSG_ALL? >> You should get back LDAP_TIMELIMIT_EXCEEDED as the last result. >> >> >> >> >> >>> Any suggestion in this regard will be highly appreciated. >>> Thanks >>> Bhawna- Hide quoted text - >> - Show quoted text -- Hide quoted text - >> >> - Show quoted text - > > Thanks a lot. It worked well. Another query I have is : How > LDAP_OPT_TIMELIMIT, set through ldap_set_option is different than > timeout parametr of ldap_search_ext. Or more specifically please > specify roles and precedence of LDAP_OPT_TIMELIMIT, timeout parameter > and DS timeout setting in context to a call for ldap_searc_ext().
The timelimit is the amount of time the server will spend servicing your request. This is primarily for server Denial of Service protection, so a rogue client cannot do a search which takes a long time (e.g. objectclass=* of every record in the database, or perhaps some sort of complicated nested group query that takes the server a long time to resolve). Of course most LDAP servers have many other methods to protect against Denial of Service (sizelimit, lookthrough limit, etc.) The timeout parameter is for the client, so the client can abandon a request if the server or network goes down. > > Thanks and Regards > Bhawna Bhati > _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
