[Fedora-directory-users] lookthrough vs. sizelimit

[George Holbert]

> The notion behind lookthrough limit is that the administrator
> can dermine an upper bound for the amount of WORK that
> the server will perform for a given client's search.

That makes sense.
Does this mean if a sizelimit (not lookthrough) is hit, the server 
continues searching the database, even though it has already returned 
error code 4 to the client?

Thanks for the responses,
-- George


David Boreham wrote:
>
> The notion behind lookthrough limit is that the administrator
> can dermine an upper bound for the amount of WORK that
> the server will perform for a given client's search. This is
> basically a simple form of denial of service control.
> So clients that hit the limit are not expected to receive
> useful results at all. The client should say something like
> 'the server didn't complete your search because you burned
> too much gas'.
>
> I believe it is fairly common to want to set a lookthrough limit
> for 'ordinary' users, but have an infinite limit for special accounts
> that are expected to perform expensive searches.
>
> There are other ways to skin the cat, for example denying
> certain users the ability to perform un-indexed searches at all.
>
>
> Paul Engle wrote:
>
>> As I understand it, sizelimit determines the maximum number of 
>> results that are returned from the search, whereas lookthroughlimit 
>> determines the maximum number of things that will be searched in the 
>> first place.
>>
>> Frankly, in our setup I have lookthroughlimit set to -1 (unlimited). 
>> Since the order of the searching is non-deterministic, I can't fathom 
>> any use for it. It has to be at least as large as your largest 
>> searchable tree, or else there will be entries that can never be 
>> returned in a search. If anyone out there is using this parameter, 
>> can you explain how/why?
>>
>>  -paul
>>
>> - --On Wednesday, March 14, 2007 12:45:49 PM -0700 George Holbert 
>> <gholbert at broadcom.com> wrote:
>>
>>  
>>
>>> Something I've been wondering about:
>>> It seems like nsslapd-lookthroughlimit and nsslapd-sizelimit 
>>> effectively
>>> do the same thing, but just return a different error code.
>>>
>>> If nsslapd-lookthroughlimit is lower, the error code is 11 and the 
>>> error
>>> message is:
>>> ldap_search: Administrative limit exceeded
>>>
>>> If nsslapd-sizelimit is lower, the error code is 4 and the error 
>>> message
>>> is:
>>> ldap_search: Sizelimit exceeded
>>>
>>> I've read the description of both of these variables many times in the
>>> documentation, and I think I understand the theoretical difference.  
>>> But
>>> in practical terms, it still seems like whichever has the higher value
>>> will never have an effect, since the lower limit on the other is always
>>> hit first.
>>>
>>> Can anyone describe a practical situation where both the lookthrough 
>>> and
>>> size limits would come into play?
>>> Is there any particular reason to prefer one or the other to enforce
>>> maximum search result limits?
>>>
>>>
>>> Thank you!
>>> -- George
>>>
>>>
>>>   
>>
>>
>>
>> - -- Paul D. Engle                | Rice University
>> Sr. Systems Administrator    | Information Technology - MS119
>> (713) 348-4702               | P.O. Box 1892
>> pengle at rice.edu              | Houston, TX 77251-1892