On Wed, 2011-10-26 at 14:07 -0500, Endi Sukma Dewata wrote: > On 10/26/2011 1:43 PM, Martin Kosek wrote: > >> I think we probably need 2 different size limits: one for regular > >> queries (set on LDAP server) and the other for pulling primary keys > >> (maintained by IPA server). > >> > >> Suppose we have a system with 5000 users, we need to be able to pull all > >> 5000 primary keys. But for regular queries we probably still want to > >> keep a smaller limit. > > > > This is true, but I am not sure how can we help on server side with > > this. Limits are something that CLI user or Web UI should control via > > --sizelimit and --timelimit parameters and the config-mod setting I > > referred to. Can you use --pkey-only, --sizelimit and --timelimit > > parameters to manage large data sets in WebUI or would you need another > > tweak? > > The UI can add a --sizelimit param with a bigger limit, but if the limit > is stored in the UI it will be static. The UI can provide an interface > to change it but it's only temporary and specific to one browser. > > > What we can do is to make sure that all our *-find commands have > > --sizelimit and --timelimit parameters. I see that for example > > delegation-find does not have one. > > I think it's better to store this limit on the server. When the server > receives a *-find command with --pkey-only it will add this size limit > by default. >
IIUC your idea is to have 2 new config-mod options like this: # ipa config-show --all ... Search time limit: 2 Search size limit: 100 Search time limit with pkey-only: 10 Search size limit with pkey-only: 5000 Hm, I am still not sold for this behavior. I don't think that user would expect that when he asks for smaller data package via --pkey-only we would silently undercover change --sizelimit and --timelimit parameters to different value than he is used to. I would you a second opinion on this. Rob? Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
