You can control search operation resource limits on the server for each client account. You set such limits in operational attributes on an account, and Directory Server then enforces them based on the account a client uses to bind to the directory.
The following limits can be set:
The look-through limit specifies the maximum number of entries examined for a search operation.
The size limit specifies the maximum number of entries returned in response to a search operation.
The time limit specifies the maximum time spent processing a search operation.
The idle timeout specifies the maximum time a client connection can remain idle before the connection is dropped.
The Directory Manager can use unlimited resources by default.
The resource limits that you set on specific user accounts take precedence over the resource limits set in the server-wide configuration. This section provides information about setting resource limits for each account.
The examples given in this section set resource limits directly in the attributes of the entry. You can also set resource limits on account using the Class of Service (CoS) mechanism. The CoS mechanism generates computed attributes as an entry is retrieved for a client application. For more information about defining CoS, see Class of Service.
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Use the dsconf get-server-prop command to read the resource limit server properties.
$ dsconf get-server-prop -h host -p port look-through-limit search-size-limit \ search-time-limit idle-timeout look-through-limit : 5000 search-size-limit : 2000 search-time-limit : 3600 idle-timeout : none |
The output shows that searches look through a maximum of 5000 entries, return a maximum of 2000 entries, and use a maximum of one hour (3600 seconds) of server time to process the search.
Change the look-through limit.
$ dsconf set-server-prop -h host -p port look-through-limit:integer |
where integer is the maximum number of entries examined for a search operation.
Change the search size limit.
$ dsconf set-server-prop -h host -p port search-size-limit:integer |
where integer is the maximum number of entries returned by a search operation.
Change the search time limit.
$ dsconf set-server-prop -h host -p port serach-time-limit:integer |
where integer is the maximum time spent processing a search operation.
Change the idle timeout.
$ dsconf set-server-prop -h host -p port idle-timeout:integer |
where integer is the maximum time a client connection can remain idle before the connection is dropped.