Quanah Gibson-Mount wrote:
Sure, I can use that to set a limit for a user but this application
needs
to bind anonymously (or the equivalent of anonymous, since the
credentials would have to be public).
I couldn't find anything in the limits directive that would let me
specify a part of the directory to set the limit on. Something like:
When searching the directory, return only 1 result.
Unless searching ou=people, then return all results.
There's no such possibility, since it makes little sense. The only
solution I see, since limits are per-database, consists in putting that
subtree into a separate database, and glue it together to the rest using
the "subordinate" directive. As an alternative, I suggest you use the
limits as defined in slapd.conf(5); in that case, your application needs
to bind. If your concern is about security, then don't give other
privileges to that identity except the possibility to overcome the
default limits.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: [EMAIL PROTECTED]
------------------------------------------