Hello<br><br>Ehmmmmmm, well, you are right. nsslapd-sizelimit is in dn "cn=default instance config,cn=chaining database,cn=plugins,cn=config", not in "cn=config" as it should. I am not sure if the change to was done after or before upgrade from 1.1.3 to 1.2.5, so i don't know if the setting was lost or not. I will verify this when we will upgrade a new server.<br>
<br>Regards, and sorry :).<br><br><br><div class="gmail_quote">2010/7/1 Noriko Hosoi <span dir="ltr"><<a href="mailto:nhosoi@redhat.com">nhosoi@redhat.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
Which configuration entry does your nsslapd-sizelimit belong to?<br>
nsslapd-sizelimit: 50000<br>
<br>
Is it in "dn: cn=config"?<br>
<a href="http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.html#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit" target="_blank">http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.html#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit</a><br>
<br>
Thanks,<br>
--noriko<div><div></div><div class="h5"><br>
<br>
On 07/01/2010 06:00 AM, Juan Asensio Sánchez wrote:
</div></div><blockquote type="cite"><div><div></div><div class="h5">Hi<br>
<br>
We have just realized that our servers are ignoring the parameter
nsslapd-sizelimit. If we do a search of the entire directory (about
50000 entries), we have a size limit exceeded:<br>
<br>
# ldapsearch -H <a>ldaps://localhost</a> -x -LLL -b "dc=XXXXX,dc=es" -D
"uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W<br>
[....]<br>
Size limit exceeded (4)<br>
<br>
<br>
These are the messages in the access log:<br>
<br>
[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from
127.0.0.1 to 127.0.0.1<br>
[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES<br>
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3<br>
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"<br>
[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es"
scope=2 filter="(objectClass=*)" attrs=ALL<br>
[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101
nentries=2000 etime=3<br>
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND<br>
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1<br>
<br>
<br>
Although we have configured a size limit of 50000:<br>
<br>
# egrep
"(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit:)"
/etc/dirsrv/slapd-pruebas/dse.ldif<br>
nsslapd-sizelimit: 50000<br>
nsslapd-lookthroughlimit: 50000<br>
nsslapd-idlistscanlimit: 50000<br>
<br>
Any idea about what is happening?<br>
<br>
Regards.<br>
<br>
</div></div><pre><fieldset></fieldset>
--
389 users mailing list
<div class="im"><a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></div></pre>
</blockquote>
<br>
</div>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br>