Preparing your LDAP Directory for HP-UX Integration

If you determine that you need to adjust the size limit parameter in a Netscape 4.x Directory Server, you
can use the Netscape Directory Console. Look under the Configuration tab, select the directory server
host name (at the top), then select the Performance tab.
Timeouts
Another configuration limitation is the time spent serving a request. Although this limit may be harder to
encounter, the results are the same as described above. If a maximum time limit is set for a search request,
then it is possible that an application enumerating the entries in the database may terminate prematurely.
Timeouts can occur on both the server and client side. The Netscape Directory Server can be adjusted as
described above. For the NIS/LDAP Gateway, the timeout parameter can be adjusted in the
/opt/ldapux/ypldapd/etc/ypldapd.conf configuration file. See "Installing & Administering NIS/LDAP
Gateway" at http://docs.hp.com/hpux/internet.
Look-Through Limit
Some directories allow the Directory Administrator to configure a "look-through" limit. This parameter tells
the directory server that it should examine at most "x" number of entries when performing a search request.
For example, if an LDAP directory is told to search for all the entries that have a telephone prefix of 555, the
directory server will attempt to examine all entries in the directory, keeping only the entries that have
555 in the telephone number. If an index does not exist for the telephoneNumber attribute, then the server
has no choice but to examine every single entry in the database. If the number of entries in the database is
greater than this look-through limit value, the directory server will give up after it has examined "x" number
of entries, and some matching entries may therefore remain undiscovered.
For searches on indexed attributes, only the entries that match the search criteria count against the
look-through limit. The example above assumed that telephoneNumber was not indexed; for searches
on indexed attributes, the directory server does not need to examine every entry in the database.
However, the look-through limit can have the same effect as the reply size limit. If a program wants to
enumerate every single posixAccount in the LDAP directory, and there are more accounts in the database
than the size of the look-through limit, then not all entries will be returned.
To ensure correct HP-UX application operation, the LDAP directory server should be configured with
look-through limit and size limit parameters greater than the number of entries in the database.
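The following Python sketch is an added example, not part of the original HP document or of any directory server's code: a toy model of the look-through and size limits described above, showing how an unindexed telephoneNumber search and a posixAccount enumeration come back incomplete. The ToyDirectory class, the sample data and the use of result code 11 for a look-through overrun are assumptions of the model.

```python
# Added illustration: a toy model of the limits described above, not real
# directory server code. All names and sample data are constructed.
from dataclasses import dataclass

# LDAP result codes from RFC 4511. Reporting a look-through overrun as
# adminLimitExceeded is an assumption of this model; servers may differ.
SUCCESS, SIZE_LIMIT_EXCEEDED, ADMIN_LIMIT_EXCEEDED = 0, 4, 11

@dataclass
class ToyDirectory:
    entries: list           # each entry is a dict of attribute -> value
    indexed: set            # attributes that have an index
    lookthrough_limit: int  # most entries the server will examine
    size_limit: int         # most entries the server will return

    def search(self, attr, matches):
        """Return (entries_found, result_code) for a one-attribute filter."""
        if attr in self.indexed:
            # With an index, only matching entries are examined.
            candidates = [e for e in self.entries if matches(e.get(attr, ""))]
        else:
            # Without one, every entry in the database is examined.
            candidates = self.entries
        found = []
        for examined, entry in enumerate(candidates, start=1):
            if examined > self.lookthrough_limit:
                return found, ADMIN_LIMIT_EXCEEDED
            if matches(entry.get(attr, "")):
                if len(found) == self.size_limit:
                    return found, SIZE_LIMIT_EXCEEDED
                found.append(entry)
        return found, SUCCESS

def list_accounts(directory):
    """Enumerate posixAccount entries; refuse to pass off a partial list."""
    found, code = directory.search("objectClass", lambda v: v == "posixAccount")
    if code != SUCCESS:
        raise RuntimeError(f"partial enumeration: {len(found)} entries, result {code}")
    return found

def sample_entries(n=1000):
    """Constructed data: every 100th account has a 555 telephone prefix."""
    return [{"uid": f"user{i}", "objectClass": "posixAccount",
             "telephoneNumber": ("555" if i % 100 == 99 else "444") + f"-{i:04d}"}
            for i in range(n)]

def is_555(value):
    return value.startswith("555")
```

A client that checks the result code, as list_accounts does here, can tell a truncated account list from a complete one instead of silently acting on the partial set.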
Other Enumeration issues
Each implementation of an LDAP directory server reacts differently to requests for large amounts of data,
so enumeration of a large database can cause unexpected results or problems. Although this
document cannot enumerate all the large enumeration issues (because they have yet to be discovered), here
are some additional issues to consider: