[Freeipa-devel] Paging in Web UI
Endi Sukma Dewata
edewata at redhat.com
Wed Aug 29 17:08:14 UTC 2012
On 8/29/2012 10:24 AM, Rich Megginson wrote:
> On 08/29/2012 09:16 AM, Endi Sukma Dewata wrote:
>> On 8/29/2012 9:49 AM, Rich Megginson wrote:
>>>>>>> We can also use Simple Paged Results, but if I understood
>>>>>>> correctly it
>>>>>>> requires the httpd to maintain an open connection to the LDAP
>>>>>>> server foreach user and for each page.
>>>>>
>>>>> Not for each user. In 389-ds-base-1.2.11 you can have multiple simple
>>>>> paged result searches on a single connection - see
>>>>> https://fedorahosted.org/389/ticket/260
>>>>
>>>> Well this is the crux of the problem. We do not maintain a connection
>>>> per user. LDAP connections exist for the duration of a single IPA RPC
>>>> call. Those RPC calls may be multiplexed across multiple IPA server
>>>> instances, each of which is it's own process.
>>>>
>>>> Our LDAP connections are very short lived and are scattered across
>>>> processes.
>>>
>>> So it sounds like, in order to be useful to IPA, we need to extend
>>> simple paged results:
>>> 1) ability to have the "cookie" (i.e. the results list and current
>>> position in that list) live outside of a connection
>>> 2) ability to go backwards in a list
>>>
>>> Is this correct? If so, please file 389 RFE's for these.
>>
>> For (1) how does the httpd send the information that it wants to use
>> the result list from a previous connection? Is it going to use a new
>> LDAP control?
>
> Not sure. Might be able to use the existing simple paged result control.
>
>> Or would there be a session ID?
>>
>> If we implement (2) does it mean the pages still need to be accessed
>> sequentially, or can we jump to any random page?
>
> We should be able support random page access. But I think we could
> support the ability to go backwards from the current page without random
> access support.
>
>>
>> Also if I understood correctly the LDAP connections are made using
>> user credentials, not Directory Manager, so things like
>> nsslapd-sizelimit will apply. Does it mean a non-admin cannot browse
>> the entire directory?
> in 1.2.10 we have different limits for paged result searches:
>
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
OK. I opened this ticket: https://fedorahosted.org/389/ticket/441
Thanks!
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list