mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opendj-sdk/opendj-server-legacy/src/main/docbkx/admin-guide/chap-resource-limits.xml
@@ -279,4 +279,27 @@ <para>The example shown sets the maximum request size on the LDAP connection handler to 20 MB.</para> </section> <section xml:id="limits-and-proxied-authz"> <title>Resource Limits and Proxied Authorization</title> <para> Proxied authorization uses a standard LDAP control to permit an application to bind as one user and then carry out LDAP operations on behalf of other users. </para> <para> When using proxied authorization as described in the section on <link xlink:href="server-dev-guide#proxied-authz" xlink:role="http://docbook.org/xlink/role/olink" xlink:show="new" ><citetitle>Configuring Proxied Authorization</citetitle></link> know that the resource limits do not change when the user proxies as another user. In other words, resource limits depend on the bind DN, not the proxy authorization identity. </para> </section> </chapter> opendj-sdk/opendj-server-legacy/src/main/docbkx/server-dev-guide/chap-ldap-operations.xml
@@ -1474,6 +1474,25 @@ </step> </procedure> <note> <para> When you configure resource limits as described in the chapter on <link xlink:href="admin-guide#chap-resource-limits" xlink:role="http://docbook.org/xlink/role/olink" xlink:show="new" ><citetitle>Setting Resource Limits</citetitle></link>, know that the resource limits do not change when the user proxies as another user. In other words, resource limits depend on the bind DN, not the proxy authorization identity. In the examples in the procedure <xref linkend="setup-proxied-authz" /> the resource limits would be those set for <literal>cn=My App,ou=Apps,dc=example,dc=com</literal>, not <literal>uid=kvaughan,ou=People,dc=example,dc=com</literal>. </para> </note> <para>If you need to map authorization identifiers using the <literal>u:</literal> form rather than using <literal>dn:</literal>, you can set the identity mapper with the global configuration setting,
