[Freeipa-users] winsync agreement wipes IPA users
Rob Crittenden
rcritten at redhat.com
Wed Sep 26 03:46:30 UTC 2012
Steven Jones wrote:
> Hi,
>
> I dont have a ldapmodify command for changing something in AD.
>
> I have increased the only scope I/we know about which is the return of objects from a search inside the AD gui but that might be specific to that view tool. That is 2000 by default, Ive set 40000, I am testing it now, if that doesn't work....
>
> Our best AD person is currently researching to see if its even possible to alter that hard code in AD. The only way he can see is using a windows/ad specific command line command to modify the internals of AD but he's never seen or read about doing it for this attribute.
Rich knows more about this than me, so maybe he knows what value you're
changing, but I don't. Where exactly in the AD gui are you changing the
value to 40k?
regards
rob
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Wednesday, 26 September 2012 1:31 p.m.
> To: Rich Megginson
> Cc: Steven Jones; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] winsync agreement wipes IPA users
>
> Rich Megginson wrote:
>> On 09/25/2012 03:34 PM, Steven Jones wrote:
>>> Hi,
>>>
>>> I have set the filter size as 20000 for the user and it makes no
>>> difference.
>> Where did you set this? In IPA? In AD? If so, where? How?
>> What does "filter size" mean? To me, it means "the size of an LDAP
>> search filter in an LDAP search request" not "the maximum number of
>> entries returned by a search".
>
> The more details you can provide on what you did the better. This might
> include the exact ldapmodify command, where you entered it in AD, the
> attribute names, whichever is applicable.
>
> regards
>
> rob
>
>
More information about the Freeipa-users
mailing list