LDAP Server Restrictions

Use this page to configure or enable the following server-specific properties.

Search Entry Limit
Defines the maximum number of objects for which the LDAP server will return data. If the search criteria for a request identifies more than the specified number of objects, the LDAP server returns object data until the Search Entry Limit value is reached. When the limit is reached, the LDAP server sends a search result done with a "size limit exceeded" message and considers the request complete. If the Search Entry Limit is set to zero, there is no limit on the number of objects for which the LDAP server will return data.

Default: 0

Minimum: 0

Maximum: 2,147,483,647

Note: The LDAP client can also set a limit.

Search Time Limit
Defines the maximum amount of time in seconds that the LDAP server will use to return data. When the limit is reached, the LDAP server sends a search result done with a "time limit exceeded" message and considers the request complete. If the Search Time Limit is set to zero, there is no limit on the amount of time the LDAP server will use to return data.

Default: 0 seconds

Minimum: 0 seconds

Maximum: 2,147,483,647 seconds

Bind Limit
Defines the maximum number of simultaneous LDAP binds (or connections) an LDAP server can support. If the Bind Limit is set to zero, there is no limit on the number of binds.

When the Bind Limit is set to a number other than zero, the LDAP server accepts binds until the bind limit is reached. Then it rejects additional binds until the total number of binds drops below the bind limit.

Default: 0

Minimum: 0

Maximum: 2,147,483,647

Note: Each user request requires approximately 160 KB of memory on the server. Unlike eDirectory, in which a client can submit only one request at a time per connection, LDAP users can submit multiple requests. If your server is using most of its available memory before you install LDAP Services for eDirectory, you will need to install more memory or set the Bind Limit so that the available memory limits are not exceeded. If memory is exceeded, LDAP clients will get operation errors. If the bind limit is exceeded, LDAP clients will get connection refused errors.

Idle Timeout
Defines the maximum amount of time in seconds that an LDAP connection can be inactive. If the Idle Timeout is set to zero, there is no limit on idle connections.

If the Idle Timeout is set to a number other than zero, the server disconnects inactive connections after the specified amount of time.

Once a client has been disconnected, the client must repeat the bind process to reconnect to the server.

Default: 0 seconds

Minimum: 0 seconds

Maximum: 2,147,483,647 seconds

Bind Restrictions

None
Specifies no login restrictions.

Disallow Anonymous Simple Bind
Prevents users from logging in to the LDAP server without specifying a username and password. This option is useful if you want to avoid allowing anonymous or public access to the directory through LDAP.
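
The Search Entry Limit and Bind Limit behaviour described above, modelled in Python as an added example (not Novell or eDirectory code). The class, function names and sample entries are constructed, and the rule that the lower of the server and client limits wins when both are set is an assumption, since the page only says the client can also set a limit.

```python
# Added illustration: a minimal model of the limits described on this page.
# Not eDirectory code; all names and sample data are constructed.
from dataclasses import dataclass

SUCCESS = "success"
SIZE_LIMIT_EXCEEDED = "size limit exceeded"
CONNECTION_REFUSED = "connection refused"


def effective_limit(server_limit: int, client_limit: int) -> int:
    """Combine server and client entry limits; 0 means 'no limit' on either side.

    Assumption: when both sides set a limit, the lower value applies.
    """
    limits = [v for v in (server_limit, client_limit) if v > 0]
    return min(limits) if limits else 0


@dataclass
class LdapServerModel:
    search_entry_limit: int = 0  # page default: 0 (no limit)
    bind_limit: int = 0          # page default: 0 (no limit)
    active_binds: int = 0

    def bind(self) -> str:
        # Accept binds until the limit is reached, then refuse new ones.
        if self.bind_limit and self.active_binds >= self.bind_limit:
            return CONNECTION_REFUSED
        self.active_binds += 1
        return SUCCESS

    def unbind(self) -> None:
        # Dropping below the limit lets new binds in again.
        self.active_binds = max(0, self.active_binds - 1)

    def search(self, matches, client_limit: int = 0):
        # Return entries up to the limit; report truncation in the result.
        limit = effective_limit(self.search_entry_limit, client_limit)
        if limit and len(matches) > limit:
            return list(matches[:limit]), SIZE_LIMIT_EXCEEDED
        return list(matches), SUCCESS


def complete_results(entries, result):
    """Client-side guard: a truncated search must not be used as the full set."""
    if result != SUCCESS:
        raise RuntimeError(f"search truncated after {len(entries)} entries: {result}")
    return entries
```

A client that uses search results for an access decision should check the result the way `complete_results` does, because a truncated result is a partial list, not the full set of matching objects.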
