[389-users] bypassing limits for persistent search and specific user
Rich Megginson
rmeggins at redhat.com
Tue Mar 13 23:12:37 UTC 2012
On 03/13/2012 05:09 PM, Petr Spacek wrote:
> Hello list,
>
> I'm looking for way how to bypass nsslapd-sizelimit and
> nsslapd-timelimit for persistent search made by specific user (or
> anything made by that user).
>
> Please, can you point me to right place in documentation about
> persistent search/user specific settings in 389? I googled for a
> while, but I can't find exact way how to accomplish this.
>
> I found attributes nsSizeLimit and nsTimeLimit in
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html-single/Schema_Reference/index.html#nsPagedSizeLimit
> , but I'm not sure how to deploy them.
>
>
> If bypassing is not possible in 389:
> Is there any way how to enumerate all records from given subtree
> part-by-part? (My guess: VLV or something similar.)
>
> I know only basics about persistent search and next to nothing about
> VLV, so sorry if I'm completely wrong.
>
>
> --- Background / why I needed this / long story ---
> FreeIPA project has LDAP plugin for BIND. This plugin pulls DNS
> records from LDAP database and populates BIND's internal memory with
> them. (Homepage: https://fedorahosted.org/bind-dyndb-ldap/)
>
> This plugin can use persistent search, which enables reflecting
> changes in LDAP inside BIND immediately.
>
> At this moment, plugin after start do persistent search for all DNS
> records. This single query can lead to tens of thousands records - and
> of course fails, because nssldapd-sizelimit stops that.
>
> Another problem arises with databases smaller than sizelimit - query
> is ended after timelimit and has to be re-established. It leads to
> periodical re-downloading whole DNS DB.
>
> Question is:
> It's possible to bypass limits for this connection/user
> OR
> plugin is completely broken by design?
Not specifically for persistent search - see
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>
>
> Thanks for you time.
>
> Petr^2 Spacek @ Red Hat @ Brno office
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list