Supporting unindexed search requests
By default, the PingDirectory server denies all unindexed search requests, except for those issued by the bind distinguished names (DNs) that have the unindexed-search
privilege.
About this task
This default behavior keeps the server from tying up worker threads on time-consuming, unindexed searches. However, you can turn off the enforcement of the unindexed-search
privilege to allow any client to perform an unindexed search.
Steps
-
Set the
disabled-privilege
global configuration property tounindexed-search
as follows.Example:
$ bin/dsconfig set-global-configuration-prop \ --set disabled-privilege:unindexed-search
-
If you choose to allow unindexed searches, cap the maximum number of concurrent unindexed search requests using the
maximum-concurrent-unindexed-searches
global configuration property.Example:
$ bin/dsconfig set-global-configuration-prop \ --set maximum-concurrent-unindexed-searches:2
-
Limit unindexed search privileges for particular clients using the
allow-unindexedsearches
property of the client connection policy.For more information about configuring client connection policies, see Client connection policy configuration.