[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-devel
Subject: Re: commit: ldap/servers/slapd config.c proto-slap.h schema_init.c
From: Hallvard B Furuseth <h.b.furuseth () usit ! uio ! no>
Date: 2004-09-29 16:45:05
Message-ID: HBF.20040929jjx4 () bombur ! uio ! no
[Download RAW message or body]
I should have mentioned that I don't see any problem with implementing
the suggested feature as an option, and documenting in the 'index ...'
description that substring searches can revert to presence searches.
Making it a default should probably not be done in a minor version, and
it might be best to announce the change.
Howard Chu writes:
>>> The unchecked limit would make (mail=*foo*) fail at
>>> once, while (mail=*) might narrow it down enough that the server would
>>> then trawl through a lot of entries - often only to fail to find
>>> anything.
>
> Nobody can predict whether such a search would more often fail or
> succeed, that conclusion is unsupportable.
Checking the Statslog() output helps.
Though I notice what I said isn't quite true; I forgot to mention
one other problem: Returning too many uninteresting entries.
> I'm somewhat opposed to
> setting up mechanisms that prevent a user from retrieving data that
> exists and the user is authorized to access.
Well, you'll notice one major reason for trying this is as a service to
the users:-)
As for privacy protection, whether or not some personal information is
accessible is not the only factor for whether the service which provides
that is acceptable - other factors are e.g. how easily outsiders can
retrieve a dump of the entire database, and what it is possible to
search for.
> But since refining the
> search (with longer search strings) should allow the search to progress,
> I guess I don't care too strongly about it.
--
Hallvard
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic