[Freeipa-devel] Paging in Web UI
Rich Megginson
rmeggins at redhat.com
Wed Aug 29 15:24:32 UTC 2012
On 08/29/2012 09:16 AM, Endi Sukma Dewata wrote:
> On 8/29/2012 9:49 AM, Rich Megginson wrote:
>>>>>> We can also use Simple Paged Results, but if I understood
>>>>>> correctly it
>>>>>> requires the httpd to maintain an open connection to the LDAP
>>>>>> server foreach user and for each page.
>>>>
>>>> Not for each user. In 389-ds-base-1.2.11 you can have multiple simple
>>>> paged result searches on a single connection - see
>>>> https://fedorahosted.org/389/ticket/260
>>>
>>> Well this is the crux of the problem. We do not maintain a connection
>>> per user. LDAP connections exist for the duration of a single IPA RPC
>>> call. Those RPC calls may be multiplexed across multiple IPA server
>>> instances, each of which is it's own process.
>>>
>>> Our LDAP connections are very short lived and are scattered across
>>> processes.
>>
>> So it sounds like, in order to be useful to IPA, we need to extend
>> simple paged results:
>> 1) ability to have the "cookie" (i.e. the results list and current
>> position in that list) live outside of a connection
>> 2) ability to go backwards in a list
>>
>> Is this correct? If so, please file 389 RFE's for these.
>
> For (1) how does the httpd send the information that it wants to use
> the result list from a previous connection? Is it going to use a new
> LDAP control?
Not sure. Might be able to use the existing simple paged result control.
> Or would there be a session ID?
>
> If we implement (2) does it mean the pages still need to be accessed
> sequentially, or can we jump to any random page?
We should be able support random page access. But I think we could
support the ability to go backwards from the current page without random
access support.
>
> Also if I understood correctly the LDAP connections are made using
> user credentials, not Directory Manager, so things like
> nsslapd-sizelimit will apply. Does it mean a non-admin cannot browse
> the entire directory?
in 1.2.10 we have different limits for paged result searches:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
More information about the Freeipa-devel
mailing list