Role-Based Limits

If roles are set up, you can apply operational limits to a role. All members of that role inherit the limits that you have set. This limit works for both static and dynamic roles.
cad1214
If roles are set up, you can apply operational limits to a role. All members of that role inherit the limits that you have set. This limit works for both static and dynamic roles.
Role-based limits are applied to each connection, which means that any changes to these limits do not take effect until the users reconnect.
Because role-based configuration is set using attributes, you do not need to restart the DSA for the change to take effect.
How Role-Based Limits Work
If role-based limits are set up, the following actions happen when a user binds to the directory:
  1. The user binds to the DSA.
  2. During the bind, the DSA checks whether the user is a member of a role.
  3. If the user is a member of a role that has limits, these limits are stored against the active connection.
    If a user has multiple roles, each with limits, then the largest values are used.
    If no role-based limits apply to a user, then the limits in the DSA apply.
  4. Every search that is performed on the connection uses these limits.
Apply Operational Limits to a Role
You can set different operational limits for each role. Because role-based limits are set using attributes, you do not need to restart the DSA for the change to take effect.
To apply operational limits to a role
  1. Add the object class
    dxRoleBasedConfig
    to the role entry.
  2. Set one or both of the following limits:
    • Add the attribute
      dxSizeLimit
      to the role entry and change the value to the maximum number of entries that a search returns.
    • Add the attribute
      dxTimeLimit
      to the role entry and change the value to the time (in seconds) before the operation is canceled.
  3. Save the changes to the role entry.
    The new operational limits apply to users with that role when they next connect to the directory.
Example Add Limits to an Existing Role
This example shows how to use JXweb to add new limits to an existing role in the Democorp directory.
This example assumes that the dynamic role
Engineer
is already set up.
To add limits to the dynamic role
Engineer
  1. Open JXweb and connect to the Democorp directory.
  2. Navigate to the Engineer entry, and select it.
    The Engineers entry appears in the right pane.
  3. Click the Edit icon next to either of the object classes.
    The Add or Remove Object Classes page appears.
  4. Scroll down the Available list to find the
    dxRoleBasedConfig
    object class.
  5. Select this class and then use the arrow to add it to the entry.
  6. Click Submit, and click OK in the message box that appears.
    The entry now includes the
    dxRoleBasedConfig
    object class. You now must add values to one or both of the
    dxSizeLimit
    and
    dxTimeLimit
    attributes.
  7. Display the attributes without values by clicking the arrow next to 
    List of attributes without values
    , as shown in the following screenshot:
    Screenshot of JXweb, showing how to display the attributes that have no values 
  8. Set limits for this role by using one of the following steps:
    • Click the Edit icon next to the
      dxSizeLimit
      attribute, specify the number of entries, and then click Modify.
    • Click the Edit icon  next to the
      dxTimeLimit
      attribute, specify a time in seconds, and then click Modify.
  9. To set a value for the other attribute, repeat Steps 5-8.