Administration GuideManage OperationsLimit Operations › Operational Limits

Previous Topic: Example: Add Limits to an Existing Role

Next Topic: Limit the Number of Concurrent Operations

Operational Limits

When you submit a search or list request to the directory, you can specify a maximum time limit and maximum number of entries to be returned.

If the limits defined in the operation are larger than the limits configured in the DSA, then the DSA's limits are enforced.

If the user has a role and limits defined in the operation are larger than the limits configured for the role, then the role's limits are enforced.

Example: Send a Limited Search to a DSA with Limits in Its Configuration

In this example, you send a search request to a DSA that also has limits set in its configuration.

The DSA has the following limits set:

set max-op-time = 60;
set max-op-size = 100;

You want to search this DSA for all entries below a base DN that have the sn attribute populated. You want to limit the search to 1000 seconds and a maximum of 10,000 entries to be returned.

  1. Use the DXsearch tool to submit the following request to the DSA, specifying size and time limits: 
    dxsearch -s sub -b base-DN -l 1000 -z 10000 -h hostname -p port-number "(sn=*)"

    If you try this yourself, ensure that you replace the values for the -b, -h, and -p options.

  2. The DSA processes the search.
  3. When 100 entries have been found, the DSA stops the operations, and returns the following error to the LDAP client application: 
    Partial Outcome Qualifier:
Limit Problem: Admin limit exceeded