Description of problem: There is a web form on the CA subsystem that allows end users to search the CA's database for other users, certificate, and other information. Some users who have not been trained to properly user the web form may request an LDAP query that will take a very long time to complete and will consume CA resources. Users are able to tax the CA because the web-form searches using privileges of the administrator. If that function ran as a different user, it would be possible to put timeout limits on searches to prevent intentional or unintentional draining of CA resources.
Is performance issue 8.0?
This may require some heavy lifting. Putting it on the 8.1 radar.