PingDirectory

Supporting unindexed search requests

By default, the PingDirectory server denies all unindexed search requests, except for those issued by the bind distinguished names (DNs) that have the unindexed-search privilege.

About this task

This default behavior keeps the server from tying up worker threads on time-consuming, unindexed searches. However, you can turn off the enforcement of the unindexed-search privilege to allow any client to perform an unindexed search.

Steps

  1. Set the disabled-privilege global configuration property to unindexed-search as follows.

    Example:

    $ bin/dsconfig set-global-configuration-prop \
      --set disabled-privilege:unindexed-search
  2. If you choose to allow unindexed searches, cap the maximum number of concurrent unindexed search requests using the maximum-concurrent-unindexed-searches global configuration property.

    Example:

    $ bin/dsconfig set-global-configuration-prop \
      --set maximum-concurrent-unindexed-searches:2
  3. Limit unindexed search privileges for particular clients using the allow-unindexedsearches property of the client connection policy.

    For more information about configuring client connection policies, see Client connection policy configuration.