Re: Further thoughts on LDAP

From: Brian Stafford <brian stafford uklinux net>
To: Heber Farnsworth <FARNSWORTH olin wustl edu>
Cc: balsa-list gnome org
Subject: Re: Further thoughts on LDAP
Date: Wed, 18 Jul 2001 08:34:14 +0100

On Wed, 18 July 04:46 Heber Farnsworth wrote:
> I've been researching LDAP a bit and I think the implementation in Balsa
> has a problem in it's design (I'm no expert so take what I say with a grain
> of salt).
> 
> In Balsa when you open and LDAP addressbook Balsa makes a query before you
> even type in the search box.  This fails on my system (and I presume some
> others as well) because the server administrator has limited the number of
> entries that may be returned.  This is a good thing because it keeps the
> server from being vulnerable to stupid (even accidental) DOS attacks.
> 
> It seems better to reverse operations.  When the LDAP addressbook is opened
> don't search until a certain number of characters have been entered or
> until some button (labeled search) or until user hits ENTER.  This is how
> Netscape's addressbook works and I think it makes the most sense.

I agree.  LDAP is a searching protocol, not a key-value rerieval service.
This means that every time a question is sent to a server it potentially
must search the entire database below the search root to return an answer
(although real implementations will be more optimal).  If queries are
being sent at the rate the user types and searches take more than a few
hundred milliseconds to a response there will be problems.

I have implemented an LDAP client (commercial) where the UI has a
drop down box of standard query templates, labelled things like
"Name" "Surname" "Organisation" etc.  The contents of the search box (on
enter or pressing a search button) are combined with the template and the
resulting filter sent to the server.  The filter results are displayed
and the user selects items from this list for use by the rest of the
application.  This is heavily influenced by the NS ui and seems intuitive
to those who use it.

In this style of interface if the serach is too general there will either
be no results or the results will be truncated.  It is then easy to try a
more specific search.  Since a specific action is required to initiate a
search, it's easy to pop up an error box when the "search returned no results"
error code is returned from the LDAP API.  That way the user is getting
some positive feedback to their actions.

> Thoughts?

Yes :)

> Heber

Brian Stafford

References:
- Further thoughts on LDAP
  - From: Heber Farnsworth

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]