[Freeipa-users] winsync agreement wipes IPA users

Rich Megginson rmeggins at redhat.com
Fri Sep 21 13:23:59 UTC 2012 

On 09/21/2012 05:21 AM, Martin Kosek wrote:
> When using bare ldapsearch, you are hitting 389-ds limits - in your case
> nsslapd-sizelimit. This can be increased either globally or (this seems as a
> more secure solution) for a user you bind as:
>
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html

Steven, are you saying that winsync only pulled over 2000 out of 5700 
users from AD into IPA? If so, then that's a limit on the winsync user 
that must be increased in AD.


>
> Martin
>
> On 09/21/2012 04:43 AM, Steven Jones wrote:
>> Hi,
>>
>> It seems IPA has some sort of limit of searching it will only show the first 2k
>> of user entries?
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> -------------------------------------------------------------------------------
>> *From:* Rich Megginson [rmeggins at redhat.com]
>> *Sent:* Friday, 21 September 2012 11:38 a.m.
>> *To:* Steven Jones
>> *Cc:* freeipa-users at redhat.com
>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>
>> On 09/20/2012 03:52 PM, Steven Jones wrote:
>>> Hi,
>>>
>>> I have imported users, but there are 5700 of them but I only have 2000 which
>>> corresponds to the view that AD gives you by default.  This makes me think
>>> that that limit is all the AD is allowing the query to see?
>> You can use https://github.com/richm/scripts/blob/master/dirsyncctrl.py to test
>> what winsync sees when it searches.
>>> Is there a way to expand it?
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> -------------------------------------------------------------------------------
>>> *From:* freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com]
>>> on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
>>> *Sent:* Friday, 21 September 2012 8:44 a.m.
>>> *Cc:* freeipa-users at redhat.com
>>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>>
>>> I have hundreds of disable users in IPA now transferred from AD, is there a
>>> quick/clean way to purge them from IPA?
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list