On Wed, 2005-11-23 at 15:14 -0800, Howard Chu wrote: > > It is the as-designed behavior. But you're right, the design is broken > here. Currently all sizelimit checking is done in the individual > backends,
This could be easily fixed: right now, backends just rely on the fact they got to calling send_search_entry() to do sizelimit handling; we should check if the entry was actually sent (and trusting the return value of send_search_entry() would not work, because many callback layers may intervene)... I suspect we'd need to add a special internal result code that says "ACLs prevented sending to client", sort of SLAP_INSUFFICIENT_ACCESS. > while the search ACLs are checked in the frontend. Checking in > the backends means there's a lot of redundant code; it should all be > moved into the frontend. > > Such a change would break the pagedResults implementation in back-bdb. > But that's probably OK, since the pagedResults feature properly belongs > in the frontend as well. That's on the long-term todo list... p. Ing. Pierangelo Masarati Responsabile Open Solution SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
