[Freeipa-users] winsync agreement wipes IPA users

Rich Megginson rmeggins at redhat.com
Fri Sep 21 15:07:55 UTC 2012 

On 09/21/2012 09:04 AM, Dmitri Pal wrote:
> On 09/21/2012 09:23 AM, Rich Megginson wrote:
>> On 09/21/2012 05:21 AM, Martin Kosek wrote:
>>> When using bare ldapsearch, you are hitting 389-ds limits - in your case
>>> nsslapd-sizelimit. This can be increased either globally or (this
>>> seems as a
>>> more secure solution) for a user you bind as:
>>>
>>> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>>>
>> Steven, are you saying that winsync only pulled over 2000 out of 5700
>> users from AD into IPA? If so, then that's a limit on the winsync user
>> that must be increased in AD.
>>
> Rich, it seems that it might make sense to file an RFE for the winsync
> to support paging control.

AD supports the paging control?  And this allows you to get around the 
search limit?

>
>>> Martin
>>>
>>> On 09/21/2012 04:43 AM, Steven Jones wrote:
>>>> Hi,
>>>>
>>>> It seems IPA has some sort of limit of searching it will only show
>>>> the first 2k
>>>> of user entries?
>>>>
>>>> regards
>>>>
>>>> Steven Jones
>>>>
>>>> Technical Specialist - Linux RHCE
>>>>
>>>> Victoria University, Wellington, NZ
>>>>
>>>> 0064 4 463 6272
>>>>
>>>> -------------------------------------------------------------------------------
>>>>
>>>> *From:* Rich Megginson [rmeggins at redhat.com]
>>>> *Sent:* Friday, 21 September 2012 11:38 a.m.
>>>> *To:* Steven Jones
>>>> *Cc:* freeipa-users at redhat.com
>>>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>>>
>>>> On 09/20/2012 03:52 PM, Steven Jones wrote:
>>>>> Hi,
>>>>>
>>>>> I have imported users, but there are 5700 of them but I only have
>>>>> 2000 which
>>>>> corresponds to the view that AD gives you by default.  This makes
>>>>> me think
>>>>> that that limit is all the AD is allowing the query to see?
>>>> You can use
>>>> https://github.com/richm/scripts/blob/master/dirsyncctrl.py to test
>>>> what winsync sees when it searches.
>>>>> Is there a way to expand it?
>>>>>
>>>>> regards
>>>>>
>>>>> Steven Jones
>>>>>
>>>>> Technical Specialist - Linux RHCE
>>>>>
>>>>> Victoria University, Wellington, NZ
>>>>>
>>>>> 0064 4 463 6272
>>>>>
>>>>> -------------------------------------------------------------------------------
>>>>>
>>>>> *From:* freeipa-users-bounces at redhat.com
>>>>> [freeipa-users-bounces at redhat.com]
>>>>> on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
>>>>> *Sent:* Friday, 21 September 2012 8:44 a.m.
>>>>> *Cc:* freeipa-users at redhat.com
>>>>> *Subject:* Re: [Freeipa-users] winsync agreement wipes IPA users
>>>>>
>>>>> I have hundreds of disable users in IPA now transferred from AD, is
>>>>> there a
>>>>> quick/clean way to purge them from IPA?
>>>>>
>>>>> regards
>>>>>
>>>>> Steven Jones
>>>>>
>>>>> Technical Specialist - Linux RHCE
>>>>>
>>>>> Victoria University, Wellington, NZ
>>>>>
>>>>> 0064 4 463 6272
>>>>>
>>>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>

More information about the Freeipa-users mailing list