<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 05/17/2016 12:49 PM, Ludwig Krispenz
wrote:<br>
</div>
<blockquote cite="mid:573AF728.6020302@redhat.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On 05/16/2016 11:19 PM, Giuseppe
Sarno wrote:<br>
</div>
<blockquote
cite="mid:65F212C00E7D9244933A5F61416B3089341D7956@mbx025-wd-ca-2.exch025.domain.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal">I am new to freeIPA and I am recently
working on a project to integrate freeIPA with some legacy
application which uses LDAP for user management. <o:p></o:p></p>
<p class="MsoNormal">I have initially created our own ldap
structure and I tried to run the code against freeIPA/389DS.
While running this example I noticed that 389DS takes quite
some time to load profile data from the different ldap nodes
(~2000 entries). In a previous prototype using OpenDJ we had
to increase the parameter <span style="color:black">
ds-cfg-size-limit: to ~1000 with good results. I am
wondering now whether we can do the same for the
freeIPA/389DS server. I found the following pages but I
could not work out what the exact command should be to
modify those parameters. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html">http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html</a><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">I attempted the
following but received a ObjectClass violation:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">[centos@ldap-389ds-ireland
~]$ ldapmodify -h ldap-389ds-ip -D "cn=Directory Manager"
-w '<password>' -f slimit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">modifying entry
"dc=ldap,dc=adeptra,dc=com"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">ldap_modify:
Object class violation (65)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">
additional info: attribute "nsslapd-sizelimit" not allowed<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">slimit:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">dn:
dc=ldap,dc=example,dc=com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">changetype:
modify<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">add:nsslapd-sizelimit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">nsslapd-sizelimit:
1000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Segoe
UI","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">I also
attempted using a user dn but with the same result.</span></p>
</div>
</blockquote>
the example in the doc is unfortunately incorrect, </blockquote>
in the latest doc it is corected:
<a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Finding_Directory_Entries.html#Setting_Resource_Limits_Based_on_the_Bind_DN-Setting_Resource_Limits_Using_the_Command_Line">https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Finding_Directory_Entries.html#Setting_Resource_Limits_Based_on_the_Bind_DN-Setting_Resource_Limits_Using_the_Command_Line</a><br>
<blockquote cite="mid:573AF728.6020302@redhat.com" type="cite">nsslapd-sizelimit
is the general limit in cn=config, the attribute per user is
nsSizeLimit ( as used in the text in teh doc). <br>
And you have to add it to a user used for binding<br>
<blockquote
cite="mid:65F212C00E7D9244933A5F61416B3089341D7956@mbx025-wd-ca-2.exch025.domain.local"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">Can anybody
help ? <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:black">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Giuseppe.<br>
</span> <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
Fair Isaac Services Limited (Co. No. 01998476) and Fair Isaac
(Adeptra) Limited (Co. No. 03295455) are registered in England
and Wales and have a registered office address of Cottons
Centre, 5th Floor, Hays Lane, London, SE1 2QP.<br>
<br>
This email and any files transmitted with it are confidential,
proprietary and intended solely for the individual or entity to
whom they are addressed. If you have received this email in
error please delete it immediately. <br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Red Hat GmbH, <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Red Hat GmbH, <a class="moz-txt-link-freetext" href="http://www.de.redhat.com/">http://www.de.redhat.com/</a>, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill</pre>
</body>
</html>