ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahysearchpar.htm

146 lines
7.9 KiB
HTML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Search parameters</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" />
<a name="rzahysearchpar"></a>
<h2 id="rzahysearchpar">Search parameters</h2>
<p>To limit the amount of resources used by the server, an administrator can
set search parameters to restrict users' search capabilities. Search capabilities
can also be extended for special users. User searches can be restricted or
extended using these methods:</p>
<p><span class="bold">Restrict search</span></p>
<ul>
<li>Paged search</li>
<li>Sorted search</li>
<li>Disable alias dereferencing</li></ul>
<p><span class="bold">Extend search</span></p>
<ul>
<li>Search limit groups</li></ul>
<p><span class="bold">Paged search</span></p>
<p>Paged results allow a client to manage the amount of data returned from
a search request. A client can request a subset of entries (a page) instead
of receiving all the results from the server at once. Subsequent search requests
return the next page of results until the operation is canceled or the last
result is returned. The administrator can restrict its use by only allowing
administrators to use it.</p>
<p><span class="bold">Sorted search</span></p>
<p>Sorted search allows a client to receive search results sorted by a list
of criteria, where each criterion represents a sort key. This moves the responsibility
of sorting from the client application to the server. The administrator can
restrict its use by only allowing administrators to use it.</p>
<p><span class="bold">Disable alias dereferencing</span></p>
<p>A directory entry with objectclass of alias or aliasObject contains the
attribute aliasedObjectName, which is used to reference another entry in the
directory. Only search requests can specify if aliases are dereferenced. <span class="italic">Dereferencing</span> means to trace the alias back to the original
entry. The IBM Directory Server response time for searches with the alias
dereferencing option set to <span class="bold">always</span> or <span class="bold">search</span> might be significantly longer than that of searches with dereferencing
option set to <span class="bold">never</span>, even if no alias entries
exist in the directory. Two settings determine the server's alias dereference
behavior: the dereferencing option specified by the client's search request
and the dereference option as configured in the server by the administrator.
If configured to do so, the server can automatically bypass alias dereferencing
if no alias objects exist in the directory as well as override the dereference
option specified in client search requests. The following table describes
how alias dereferencing is hashed between the client and the server.</p>
<a name="wq40"></a>
<table id="wq40" width="100%" summary="" border="1" frame="border" rules="all">
<caption>Table 2. Actual alias dereferencing based on client and server settings</caption>
<thead valign="bottom">
<tr>
<th id="wq41" width="33%" align="left" valign="top">Server</th>
<th id="wq42" width="33%" align="left" valign="top">Client</th>
<th id="wq43" width="33%" align="left" valign="top">Actual</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td valign="top" headers="wq41">never</td>
<td valign="top" headers="wq42">any setting</td>
<td headers="wq43">never</td>
</tr>
<tr>
<td headers="wq41">always</td>
<td headers="wq42">any setting</td>
<td headers="wq43">the client's setting</td>
</tr>
<tr>
<td headers="wq41">any setting</td>
<td headers="wq42">always</td>
<td headers="wq43">the server's setting</td>
</tr>
<tr>
<td headers="wq41">search</td>
<td headers="wq42">find</td>
<td headers="wq43">never</td>
</tr>
<tr>
<td headers="wq41">find</td>
<td headers="wq42">search</td>
<td headers="wq43">never</td>
</tr>
</tbody>
</table>
<p><span class="bold">Search limit groups</span></p>
<p>An administrator can create search limit groups that can have more flexible
search limits than the general user. The individual members or groups contained
in the search limit group are granted less restrictive search limits than
those imposed on general users.</p>
<p>When a user initiates a search, the search request limitations are first
checked. If a user is a member of a search limit group, the limitations are
compared. If the search limit group limitations are higher than those of the
search request, the search request limitations are used. If the search request
limitations are higher than those of the search limit group, the search limit
group limitations are used. If no search limit group entries are found, the
same comparison is made against the server search limitations. If no server
search limitations have been set, the comparison is made against the default
server setting. The limitations used are always the lowest settings in the
comparison.</p>
<p>If a user belongs to multiple search limit groups, the user is granted
up to the highest level of search capability. For example, the user belongs
to search group 1, which grants search limits of search size 2000 entries
and search time of 4000 seconds, and to search group 2, which grants search
limits of search size unlimited entries and a search time of 3000 seconds.
The user has the search limitations of search size unlimited and search time
of 4000 seconds.</p>
<p>Search limit groups can be stored under either localhost or IBMpolicies.
Search limit groups under IBMpolicies are replicated; those under localhost
are not. You can store the same search limit group under both localhost and
IBMpolicies. If the search limit group is not stored under one of these DNs,
the server ignores the search limit part of the group and treats it as a normal
group.</p>
<p>When a user initiates a search, the search limit group entries under localhost
are checked first. If no entries are found for the user, the search limit
group entries under IBMpolicies are then searched. If entries are found under
localhost, the search limit group entries under IBMpolicies are not checked.
The search limit group entries under localhost have priority over those under
IBMpolicies.</p>
<p>For more information on search parameters, see:</p>
<ul>
<li><a href="rzahysearch-pi.htm#rzahysearch-pi">Adjust search settings</a></li>
<li><a href="rzahysearchentry.htm#rzahysearchentry">Search the directory entries</a></li>
<li><a href="rzahymansearchgroup.htm#rzahymansearchgroup">Manage search limit groups</a></li></ul><img src="deltaend.gif" alt="End of change" />
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>