[Freeipa-users] winsync agreement wipes IPA users

Martin Kosek mkosek at redhat.com
Fri Sep 21 11:21:01 UTC 2012 

When using bare ldapsearch, you are hitting 389-ds limits - in your case
nsslapd-sizelimit. This can be increased either globally or (this seems as a
more secure solution) for a user you bind as:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html

Martin

On 09/21/2012 04:43 AM, Steven Jones wrote:
> Hi,
> 
> It seems IPA has some sort of limit of searching it will only show the first 2k
> of user entries?
> 
> regards
> 
> Steven Jones
> 
> Technical Specialist - Linux RHCE
> 
> Victoria University, Wellington, NZ
> 
> 0064 4 463 6272
> 
> -------------------------------------------------------------------------------
> *From:* Rich Megginson [rmeggins at redhat.com]
> *Sent:* Friday, 21 September 2012 11:38 a.m.
> *To:* Steven Jones
> *Cc:* freeipa-users at redhat.com
> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
> 
> On 09/20/2012 03:52 PM, Steven Jones wrote:
>> Hi,
>>
>> I have imported users, but there are 5700 of them but I only have 2000 which
>> corresponds to the view that AD gives you by default.  This makes me think
>> that that limit is all the AD is allowing the query to see?
> 
> You can use https://github.com/richm/scripts/blob/master/dirsyncctrl.py to test
> what winsync sees when it searches.
>>
>> Is there a way to expand it?
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> -------------------------------------------------------------------------------
>> *From:* freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com]
>> on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
>> *Sent:* Friday, 21 September 2012 8:44 a.m.
>> *Cc:* freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>
>> I have hundreds of disable users in IPA now transferred from AD, is there a
>> quick/clean way to purge them from IPA?
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>>

More information about the Freeipa-users mailing list