[Freeipa-users] winsync agreement wipes IPA users
Natxo Asenjo
natxo.asenjo at gmail.com
Wed Sep 26 14:04:18 UTC 2012
On Wed, Sep 26, 2012 at 5:46 AM, Rob Crittenden <rcritten at redhat.com> wrote:
>
> Steven Jones wrote:
>>
>> Hi,
>>
>> I don't have a ldapmodify command for changing something in AD.
>>
>> I have increased the only scope I/we know about which is the return of objects from a search inside the AD gui but that might be specific to that view tool. That is 2000 by default, I've set 40000, I am testing it now, if that doesn't work....
>>
>> Our best AD person is currently researching to see if it's even possible to alter that hard code in AD. The only way he can see is using a windows/ad specific command line command to modify the internals of AD but he's never seen or read about doing it for this attribute.
>
>
Sounds like you need to upgrade your MaxPageSize and LDAPAdminLimits
attribute of the Default Query Policy object in the Query-Policies
container. We needed to do this to be able to get more than 1000
objects from AD a long time ago.
The details I used back then were here:
http://technet.microsoft.com/en-us/library/aa998536.aspx
cmd.exe -> ntdsutil.exe (on a domain controller)
At the Ntdsutil.exe command prompt, type LDAP policies, and then press ENTER.
show values [enter]
ldap policy: show values

    Policy                     Current(New)

    MaxPoolThreads             4
    MaxDatagramRecv            4096
    MaxReceiveBuffer           10485760
    InitRecvTimeout            120
    MaxConnections             5000
    MaxConnIdleTime            900
    MaxPageSize                1000
    MaxQueryDuration           120
    MaxTempTableSize           10000
    MaxResultSetSize           262144
    MaxNotificationPerConn     5
    MaxValRange                1500

We want to change MaxPageSize.
First we need to authenticate:
connections [enter]
set creds domain user pwd
connect to domain your.domain
q
Then we go to ldap policy
set MaxPageSize to 2000
Commit Changes
quit
quit
--
natxo
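
Added example, not part of the original post: a read-only PowerShell check that reads the lDAPAdminLimits values from the Default Query Policy object on each domain controller and confirms that the committed MaxPageSize has replicated. It assumes the ActiveDirectory module (RSAT) is installed; the expected value 2000 is the one set in the post, and the function name Get-LdapAdminLimits is made up for this example.

```powershell
# Added example: read-only verification; changes nothing in AD.
# Assumes the ActiveDirectory PowerShell module (RSAT) and read access
# to the configuration partition.
Import-Module ActiveDirectory

$expectedPageSize = 2000   # value committed in the post; adjust to yours

# The Default Query Policy lives in the forest-wide configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$policyDN = "CN=Default Query Policy,CN=Query-Policies," +
            "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

function Get-LdapAdminLimits {
    param([string]$Server)
    $policy = Get-ADObject -Identity $policyDN -Server $Server `
                           -Properties lDAPAdminLimits, whenChanged
    # lDAPAdminLimits is multi-valued; each value is a "Name=Value" string.
    $limits = @{}
    foreach ($entry in $policy.lDAPAdminLimits) {
        $name, $value = $entry -split '=', 2
        $limits[$name.Trim()] = [int64]$value.Trim()
    }
    [pscustomobject]@{
        Server      = $Server
        MaxPageSize = $limits['MaxPageSize']
        WhenChanged = $policy.whenChanged
        Limits      = $limits
    }
}

# Query each DC of the current domain directly, so a replica that has
# not yet received the change shows up as a mismatch.
$results = foreach ($dc in Get-ADDomainController -Filter *) {
    Get-LdapAdminLimits -Server $dc.HostName
}

$results | Select-Object Server, MaxPageSize, WhenChanged | Format-Table -AutoSize

$stale = $results | Where-Object { $_.MaxPageSize -ne $expectedPageSize }
if ($stale) {
    Write-Warning ("MaxPageSize differs from $expectedPageSize on: " +
                   ($stale.Server -join ', '))
}
```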