Role-Based Limits
If roles are set up, you can apply operational limits to a role. All members of that role inherit the limits that you have set. This limit works for both static and dynamic roles.
cad1214
If roles are set up, you can apply operational limits to a role. All members of that role inherit the limits that you have set. This limit works for both static and dynamic roles.
Role-based limits are applied to each connection, which means that any changes to these limits do not take effect until the users reconnect.
Because role-based configuration is set using attributes, you do not need to restart the DSA for the change to take effect.
How Role-Based Limits Work
If role-based limits are set up, the following actions happen when a user binds to the directory:
- The user binds to the DSA.
- During the bind, the DSA checks whether the user is a member of a role.
- If the user is a member of a role that has limits, these limits are stored against the active connection.If a user has multiple roles, each with limits, then the largest values are used.If no role-based limits apply to a user, then the limits in the DSA apply.
- Every search that is performed on the connection uses these limits.
Apply Operational Limits to a Role
You can set different operational limits for each role. Because role-based limits are set using attributes, you do not need to restart the DSA for the change to take effect.
To apply operational limits to a role
- Add the object classdxRoleBasedConfigto the role entry.
- Set one or both of the following limits:
- Add the attributedxSizeLimitto the role entry and change the value to the maximum number of entries that a search returns.
- Add the attributedxTimeLimitto the role entry and change the value to the time (in seconds) before the operation is canceled.
- Save the changes to the role entry.The new operational limits apply to users with that role when they next connect to the directory.
Example Add Limits to an Existing Role
This example shows how to use JXweb to add new limits to an existing role in the Democorp directory.
This example assumes that the dynamic role
Engineer
is already set up.To add limits to the dynamic role
Engineer
- Open JXweb and connect to the Democorp directory.
- Navigate to the Engineer entry, and select it.The Engineers entry appears in the right pane.
- Click the Edit icon next to either of the object classes.The Add or Remove Object Classes page appears.
- Scroll down the Available list to find thedxRoleBasedConfigobject class.
- Select this class and then use the arrow to add it to the entry.
- Click Submit, and click OK in the message box that appears.The entry now includes thedxRoleBasedConfigobject class. You now must add values to one or both of thedxSizeLimitanddxTimeLimitattributes.
- Display the attributes without values by clicking the arrow next toList of attributes without values, as shown in the following screenshot:
- Set limits for this role by using one of the following steps:
- Click the Edit icon next to thedxSizeLimitattribute, specify the number of entries, and then click Modify.
- Click the Edit icon next to thedxTimeLimitattribute, specify a time in seconds, and then click Modify.
- To set a value for the other attribute, repeat Steps 5-8.