[389-users] 389DS ignoring nsslapd-sizelimit
Juan Asensio Sánchez
okelet at gmail.com
Thu Jul 1 13:00:02 UTC 2010
Hi
We have just realized that our servers are ignoring the parameter
nsslapd-sizelimit. If we do a search of the entire directory (about 50000
entries), we have a size limit exceeded:
# ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D
"uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W
[....]
Size limit exceeded (4)
These are the messages in the access log:
[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from
127.0.0.1 to 127.0.0.1
[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"
[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es"
scope=2 filter="(objectClass=*)" attrs=ALL
[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101
nentries=2000 etime=3
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1
Although we have configured a size limit of 50000:
# egrep
"(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit:)"
/etc/dirsrv/slapd-pruebas/dse.ldif
nsslapd-sizelimit: 50000
nsslapd-lookthroughlimit: 50000
nsslapd-idlistscanlimit: 50000
Any idea about what is happening?
Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100701/ce57c1c1/attachment.html>
More information about the 389-users
mailing list