[Freeipa-users] winsync agreement wipes IPA users

Dmitri Pal dpal at redhat.com
Fri Sep 21 15:04:28 UTC 2012 

On 09/21/2012 09:23 AM, Rich Megginson wrote:
> On 09/21/2012 05:21 AM, Martin Kosek wrote:
>> When using bare ldapsearch, you are hitting 389-ds limits - in your case
>> nsslapd-sizelimit. This can be increased either globally or (this
>> seems as a
>> more secure solution) for a user you bind as:
>>
>> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>>
>
> Steven, are you saying that winsync only pulled over 2000 out of 5700
> users from AD into IPA? If so, then that's a limit on the winsync user
> that must be increased in AD.
>

Rich, it seems that it might make sense to file an RFE for the winsync
to support paging control.

>
>>
>> Martin
>>
>> On 09/21/2012 04:43 AM, Steven Jones wrote:
>>> Hi,
>>>
>>> It seems IPA has some sort of limit of searching it will only show
>>> the first 2k
>>> of user entries?
>>>
>>> regards
>>>
>>> Steven Jones
>>>
>>> Technical Specialist - Linux RHCE
>>>
>>> Victoria University, Wellington, NZ
>>>
>>> 0064 4 463 6272
>>>
>>> -------------------------------------------------------------------------------
>>>
>>> *From:* Rich Megginson [rmeggins at redhat.com]
>>> *Sent:* Friday, 21 September 2012 11:38 a.m.
>>> *To:* Steven Jones
>>> *Cc:* freeipa-users at redhat.com
>>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>>
>>> On 09/20/2012 03:52 PM, Steven Jones wrote:
>>>> Hi,
>>>>
>>>> I have imported users, but there are 5700 of them but I only have
>>>> 2000 which
>>>> corresponds to the view that AD gives you by default.  This makes
>>>> me think
>>>> that that limit is all the AD is allowing the query to see?
>>> You can use
>>> https://github.com/richm/scripts/blob/master/dirsyncctrl.py to test
>>> what winsync sees when it searches.
>>>> Is there a way to expand it?
>>>>
>>>> regards
>>>>
>>>> Steven Jones
>>>>
>>>> Technical Specialist - Linux RHCE
>>>>
>>>> Victoria University, Wellington, NZ
>>>>
>>>> 0064 4 463 6272
>>>>
>>>> -------------------------------------------------------------------------------
>>>>
>>>> *From:* freeipa-users-bounces at redhat.com
>>>> [freeipa-users-bounces at redhat.com]
>>>> on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
>>>> *Sent:* Friday, 21 September 2012 8:44 a.m.
>>>> *Cc:* freeipa-users at redhat.com
>>>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>>>
>>>> I have hundreds of disable users in IPA now transferred from AD, is
>>>> there a
>>>> quick/clean way to purge them from IPA?
>>>>
>>>> regards
>>>>
>>>> Steven Jones
>>>>
>>>> Technical Specialist - Linux RHCE
>>>>
>>>> Victoria University, Wellington, NZ
>>>>
>>>> 0064 4 463 6272
>>>>
>>>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Freeipa-users mailing list