[389-users] 389DS ignoring nsslapd-sizelimit
Juan Asensio Sánchez
okelet at gmail.com
Tue Jul 6 09:03:40 UTC 2010
Hi
Just one more question. What is the meaning of having nsslapd-sizelimit in
"cn=default instance config,cn=chaining database,cn=plugins,cn=config"? Is
there any search limit in each database?
Regards.
2010/7/2 Noriko Hosoi <nhosoi at redhat.com>
> Thank you for your update. Don't be sorry. I made the same mistake
> before... ;)
>
>
> On 07/02/2010 01:44 AM, Juan Asensio Sánchez wrote:
>
> Hello
>
> Ehmmmmmm, well, you are right. nsslapd-sizelimit is in dn "cn=default
> instance config,cn=chaining database,cn=plugins,cn=config", not in
> "cn=config" as it should. I am not sure if the change to was done after or
> before upgrade from 1.1.3 to 1.2.5, so i don't know if the setting was lost
> or not. I will verify this when we will upgrade a new server.
>
> Regards, and sorry :).
>
>
> 2010/7/1 Noriko Hosoi <nhosoi at redhat.com>
>
>> Which configuration entry does your nsslapd-sizelimit belong to?
>> nsslapd-sizelimit: 50000
>>
>> Is it in "dn: cn=config"?
>>
>> http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.html#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit
>>
>> Thanks,
>> --noriko
>>
>>
>> On 07/01/2010 06:00 AM, Juan Asensio Sánchez wrote:
>>
>> Hi
>>
>> We have just realized that our servers are ignoring the parameter
>> nsslapd-sizelimit. If we do a search of the entire directory (about 50000
>> entries), we have a size limit exceeded:
>>
>> # ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D
>> "uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W
>> [....]
>> Size limit exceeded (4)
>>
>>
>> These are the messages in the access log:
>>
>> [01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from
>> 127.0.0.1 to 127.0.0.1
>> [01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES
>> [01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND
>> dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3
>> [01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97 nentries=0
>> etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"
>> [01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es"
>> scope=2 filter="(objectClass=*)" attrs=ALL
>> [01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101
>> nentries=2000 etime=3
>> [01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND
>> [01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1
>>
>>
>> Although we have configured a size limit of 50000:
>>
>> # egrep
>> "(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit:)"
>> /etc/dirsrv/slapd-pruebas/dse.ldif
>> nsslapd-sizelimit: 50000
>> nsslapd-lookthroughlimit: 50000
>> nsslapd-idlistscanlimit: 50000
>>
>> Any idea about what is happening?
>>
>> Regards.
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
>
> --
> 389 users mailing list389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20100706/6ac3d1d9/attachment.html>
More information about the 389-users
mailing list