Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
Displaying the Configuration of Directory Server Instance
Modifying the Configuration Using DSCC
Modifying the Configuration From the Command Line
Configuring Administration Users
To Create an Administration User with Root Access
To Configure the Directory Manager
Protecting Configuration Information
Changing Directory Server Port Numbers
To Modify a Port Number, Enable a Port, and Disable a Port
To Enable the DSML-over-HTTP Service
To Disable the DSML-over-HTTP Service
To Define a New Identity Mapping for HTTP Headers
Setting the Server as Read-Only
To Enable or Disable the Server Read-Only Mode
To Configure Heap Memory Threshold
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
You can control search operation resource limits on the server for each client account. You set such limits in operational attributes on an account, and Directory Server then enforces them based on the account a client uses to bind to the directory.
The following limits can be set:
The look-through limit specifies the maximum number of entries examined for a search operation.
The size limit specifies the maximum number of entries returned in response to a search operation.
The time limit specifies the maximum time spent processing a search operation.
The idle timeout specifies the maximum time a client connection can remain idle before the connection is dropped.
Note - The Directory Manager can use unlimited resources by default.
The resource limits that you set on specific user accounts take precedence over the resource limits set in the server-wide configuration. This section provides information about setting resource limits for each account.
The examples given in this section set resource limits directly in the attributes of the entry. You can also set resource limits on account using the Class of Service (CoS) mechanism. The CoS mechanism generates computed attributes as an entry is retrieved for a client application. For more information about defining CoS, see Class of Service.
If you want to define the search limit that is used by the nsslapd process, refer to the following procedure:
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
$ dsconf get-server-prop -h host -p port look-through-limit search-size-limit \ search-time-limit idle-timeout look-through-limit : 5000 search-size-limit : 2000 search-time-limit : 3600 idle-timeout : none
The output shows that searches look through a maximum of 5000 entries, return a maximum of 2000 entries, and use a maximum of one hour (3600 seconds) of server time to process the search.
$ dsconf set-server-prop -h host -p port look-through-limit:integer
where integer is the maximum number of entries examined for a search operation.
$ dsconf set-server-prop -h host -p port search-size-limit:integer
where integer is the maximum number of entries returned by a search operation.
$ dsconf set-server-prop -h host -p port search-time-limit:integer
where integer is the maximum time spent processing a search operation.
$ dsconf set-server-prop -h host -p port idle-timeout:integer
where integer is the maximum time a client connection can remain idle before the connection is dropped.