[389-users] 389DS ignoring nsslapd-sizelimit
Noriko Hosoi
nhosoi at redhat.com
Thu Jul 1 19:04:18 UTC 2010
Which configuration entry does your nsslapd-sizelimit belong to?
nsslapd-sizelimit: 50000
Is it in "dn: cn=config"?
http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.html#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit
Thanks,
--noriko
On 07/01/2010 06:00 AM, Juan Asensio Sánchez wrote:
> Hi
>
> We have just realized that our servers are ignoring the parameter
> nsslapd-sizelimit. If we do a search of the entire directory (about
> 50000 entries), we have a size limit exceeded:
>
> # ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D
> "uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W
> [....]
> Size limit exceeded (4)
>
>
> These are the messages in the access log:
>
> [01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection
> from 127.0.0.1 to 127.0.0.1
> [01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES
> [01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND
> dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3
> [01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97
> nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"
> [01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es"
> scope=2 filter="(objectClass=*)" attrs=ALL
> [01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101
> nentries=2000 etime=3
> [01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND
> [01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1
>
>
> Although we have configured a size limit of 50000:
>
> # egrep
> "(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit:)"
> /etc/dirsrv/slapd-pruebas/dse.ldif
> nsslapd-sizelimit: 50000
> nsslapd-lookthroughlimit: 50000
> nsslapd-idlistscanlimit: 50000
>
> Any idea about what is happening?
>
> Regards.
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100701/9430ab67/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6646 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100701/9430ab67/attachment.p7s>
More information about the 389-users
mailing list