[Fedora-directory-users] strange problem with group of more than 2000 users

basile au siris basile.mathieu at siris.sorbonne.fr
Mon Oct 3 15:38:49 UTC 2005


Thanks.
I set the sizelimit to -1, but it doesn't work any better.
I set nssizelimit to -1 on the proxyagent, which is used to bind to the
directory, but got the same result.
I looked at the logs, and when I use id or getent there is a directory query.
It seems crazy that I can't have more than 2000 users in a group.
I am searching for the limit on the number of users I can have.
basile

Jeff Clowser wrote:

> It could be a limit on the sizes of groups, etc. in Solaris.
>
> To check to see if it's LDAP related, look at the ldap access logs for 
> queries related to that group or coming from that machine.  Anyway, 
> 2000 I believe is the default sizelimit for searches, so look for 
> entries with 2000 results, if it's consistently failing at 2000 
> users.  If it's just reading the group with 2000+ static members (1 
> entry), then maybe reading each user individually (1 entry/search), it 
> shouldn't hit a resource limit.  But...  if it reads the group, then 
> searches for all users with that group id, or something similar, it 
> may hit the administrative limits.
>
> For a simple test, you could up the sizelimit (say to 10000 or -1) on 
> the directory server and see if the problem goes away.
>
> If you find something like this, there are a couple ways to fix it:
> 1.  Up your server administrative sizelimit (to a higher number, or -1 
> for unlimited).  This should be a last resort, since it allows anyone 
> (even anonymous) to make unlimited size searches against your 
> directory.  If your directory is large, that could cause problems.
> 2.  If the Solaris box is binding as a particular DN to search, you 
> can add the nsSizeLimit to that entry, and set it to a higher value 
> (or -1 for unlimited).
> 3.  If it binds as the end user, you can add nsSizelimit to each user 
> that can log in.  This is a bit more of a pain to do since you have to 
> do it for all users, but is better than increasing the limit for the 
> entire server, in general.
>
> - Jeff
>
> basile au siris wrote:
>
>> Hi,
>> I have FDS 7.1 on Solaris 9, with users and groups stored in the directory.
>> Everything works fine except for a group of more than 2000 users.
>> When I use id or getent, the system does not recognize the group.
>> Maybe it's not an FDS problem, but if someone can give me an idea,
>> thanks
>> basile
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
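
Jeff's suggestion to look in the access log for searches that stop at 2000 results can be scripted; the following is an added example, not part of the original thread. The log lines are constructed in the Fedora DS access-log layout, and the DNs, filters and function names are assumptions made for illustration.

```python
import re

# Constructed sample in the Fedora DS access-log layout (not taken from the thread).
SAMPLE_LOG = '''\
[03/Oct/2005:15:30:01 +0000] conn=41 op=0 BIND dn="cn=proxyagent,ou=profile,dc=example,dc=com" method=128 version=3
[03/Oct/2005:15:30:01 +0000] conn=41 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[03/Oct/2005:15:30:01 +0000] conn=41 op=1 SRCH base="ou=group,dc=example,dc=com" scope=2 filter="(cn=biggroup)" attrs=ALL
[03/Oct/2005:15:30:01 +0000] conn=41 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[03/Oct/2005:15:30:02 +0000] conn=41 op=2 SRCH base="ou=people,dc=example,dc=com" scope=2 filter="(gidNumber=5000)" attrs="uid"
[03/Oct/2005:15:30:03 +0000] conn=41 op=2 RESULT err=4 tag=101 nentries=2000 etime=1
[03/Oct/2005:15:31:10 +0000] conn=42 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(uid=alice)" attrs=ALL
[03/Oct/2005:15:31:10 +0000] conn=42 op=0 RESULT err=0 tag=101 nentries=1 etime=0
'''

LINE = re.compile(r'conn=(\d+) op=(-?\d+) (BIND|SRCH|RESULT) (.*)')
SIZELIMIT_EXCEEDED = 4  # LDAP result code sizeLimitExceeded


def field(rest, key):
    """Return the value of key=... (quoted or bare) from a log line tail, or None."""
    m = re.search(r'\b%s=(?:"([^"]*)"|(\S+))' % key, rest)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def truncated_searches(log_text, suspect_count=2000):
    """List searches that ended with err=4 or returned exactly suspect_count entries."""
    bind_dn, pending, hits = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        if kind == "BIND":
            bind_dn[conn] = field(rest, "dn") or "(anonymous)"
        elif kind == "SRCH":
            pending[(conn, op)] = (field(rest, "base"), field(rest, "filter"))
        elif (conn, op) in pending:  # RESULT that closes a tracked search
            base, flt = pending.pop((conn, op))
            err, n = int(field(rest, "err")), int(field(rest, "nentries"))
            if err == SIZELIMIT_EXCEEDED or n == suspect_count:
                hits.append({"bind_dn": bind_dn.get(conn, "(anonymous)"),
                             "base": base, "filter": flt, "err": err, "nentries": n})
    return hits


if __name__ == "__main__":
    for hit in truncated_searches(SAMPLE_LOG):
        print(hit)
```

The `bind_dn` reported for each hit is the entry that option 2 in Jeff's reply would give a higher nsSizeLimit, which avoids raising the server-wide limit.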
