Although the global configuration defines default values for several resource limits, it is possible to override those default values on a per-user basis by adding an appropriate set of operational attributes to the user’s entry.
Resource limits set through operational attributes can grant a user a higher limit than is available by default in the global configuration, or it can impose a lower limit than would otherwise be permitted by default.
These operational attributes include:
Attribute | Description |
---|---|
|
The maximum number of entries that the user is allowed to retrieve in
any single search operation. A value of zero indicates that no size
limit is enforced for the user. If this attribute is present in a
user’s entry, then it overrides the default
|
|
The maximum length of time in seconds that the server is allowed to
spend processing any single search operation for the user. A value
of zero indicates that no time limit is enforced for the user. If
this attribute is present in a user’s entry, then it overrides the
default |
|
The maximum number of entries that the server is allowed to
examine while processing any single search operation for the user. A
value of zero indicates that no lookthrough limit is enforced for
the user. If this attribute is present in a user’s entry, then it
overrides the default |
|
The maximum length of time in seconds that the user is allowed to have an idle connection (one in which no operations in progress) established. A value of zero indicates that no idle time limit is enforced for the user. If this attribute is present in a user’s entry, then it overrides the default idle-time-limit value from the global configuration. |
|
The maximum number of entries that are joined with any
single search result entry when processing a search request that
includes the LDAP join request control. A value of zero indicates
that no LDAP join size limit is enforced for the user. If this
attribute is present in the user’s entry, then it overrides the
default |
Each of these attributes can be explicitly set in the entries for users that should have a value that is different from the corresponding property in the global configuration. You can also use virtual attributes to dynamically assign values for these attributes using criteria like the location or content of the user’s entry or the groups in which that user is a member or the client connection policy to which they are assigned.