[Freeipa-users] DNS search timeouts and incomplete results

Mike Driscoll mike.driscoll at oracle.com
Tue Dec 13 16:47:15 UTC 2016 

Thanks Martin.  That is the cause...

$ ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep nsslapd-sizelimit
Enter LDAP Password: 
nsslapd-sizelimit: 2000

This command results in a similar problem that only 100 of 270 record names were returned.
$  ipa dnsrecord-find mydomain.com qa

If I specify these limits, I get all 270 records as expected.
$  ipa dnsrecord-find mydomain.com qa --sizelimit=10000 --timelimit=20

I have the impression this default size limit meets most needs.  Is my approach wrong when wanting to dump the entire DNS list of records via ipa dnsrecord-find?

Mike


> On Dec 13, 2016, at 08:17, Martin Basti <mbasti at redhat.com> wrote:
> 
> Tomas already replied to you, copying here as archives are currently offline to prevent spam
> 
> """
> 
> Hi,
> 
> you seem to be hitting the size limit on LDAP side. To verify, check
> 
> ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep nsslapd-sizelimit
> 
> If you really need to increase this size limit, you will have to modify the nsslapd-sizelimit in cn=config.
> 
> """
> 
> Martin
> 
> 
> On 13.12.2016 17:06, Mike Driscoll wrote:
>> Any thoughts about this sizelimit bug?
>> 
>> Mike
>> 
>> 
>> 
>>> On Nov 28, 2016, at 14:44, Mike Driscoll <mike.driscoll at oracle.com> wrote:
>>> 
>>> I'm running:
>>> # rpm -qa | grep ipa-server
>>> ipa-server-4.4.0-12.0.1.el7.x86_64
>>> ipa-server-dns-4.4.0-12.0.1.el7.noarch
>>> ipa-server-common-4.4.0-12.0.1.el7.noarch
>>> 
>>> Searching DNS for all hostnames containing "qa" times out in the GUI.  Setting aside the option to change server defaults, this cli command isn't giving me the content I need:
>>> 
>>> # ipa dnsrecord-find mydomain.com --sizelimit=10000 --timelimit=20 | grep qa
>>> ipa: WARNING: Search result has been truncated: Configured size limit exceeded
>>> 
>>> It seems like the sizelimit parameter greater than two thousand is being ignored:
>>> 
>>> # ipa dnsrecord-find mydomain.com --sizelimit=1900 --timelimit=20
>>> ...
>>> -------------------------------
>>> Number of entries returned 1900
>>> -------------------------------
>>> 
>>> # ipa dnsrecord-find mydomain.com --sizelimit=2100 --timelimit=20
>>> ...
>>> -------------------------------
>>> Number of entries returned 2000
>>> -------------------------------
>>> 
>>> Any suggestions?
>>> 
>>> Mike
>> 
>

More information about the Freeipa-users mailing list