[Freeipa-users] Can't set nsslapd-sizelimit
Ludwig Krispenz
lkrispen at redhat.com
Tue May 17 10:49:12 UTC 2016
On 05/16/2016 11:19 PM, Giuseppe Sarno wrote:
>
> Hello,
>
> I am new to freeIPA and I am recently working on a project to
> integrate freeIPA with some legacy application which uses LDAP for
> user management.
>
> I have initially created our own ldap structure and I tried to run the
> code against freeIPA/389DS. While running this example I noticed that
> 389DS takes quite some time to load profile data from the different
> ldap nodes (~2000 entries). In a previous prototype using OpenDJ we
> had to increase the parameter ds-cfg-size-limit: to ~1000 with good
> results. I am wondering now whether we can do the same for the
> freeIPA/389DS server. I found the following pages but I could not work
> out what the exact command should be to modify those parameters.
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>
> http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html
>
> I attempted the following but received a ObjectClass violation:
>
> [centos at ldap-389ds-ireland ~]$ ldapmodify -h ldap-389ds-ip -D
> "cn=Directory Manager" -w '<password>' -f slimit
>
> modifying entry "dc=ldap,dc=adeptra,dc=com"
>
> ldap_modify: Object class violation (65)
>
> additional info: attribute "nsslapd-sizelimit" not allowed
>
> slimit:
>
> dn: dc=ldap,dc=example,dc=com
>
> changetype: modify
>
> add:nsslapd-sizelimit
>
> nsslapd-sizelimit: 1000
>
> I also attempted using a user dn but with the same result.
>
the example in the doc is unfortunately incorrect, nsslapd-sizelimit is
the general limit in cn=config, the attribute per user is nsSizeLimit (
as used in the text in teh doc).
And you have to add it to a user used for binding
>
> Can anybody help ?
>
> Thanks,
>
> Giuseppe.
>
>
> Fair Isaac Services Limited (Co. No. 01998476) and Fair Isaac
> (Adeptra) Limited (Co. No. 03295455) are registered in England and
> Wales and have a registered office address of Cottons Centre, 5th
> Floor, Hays Lane, London, SE1 2QP.
>
> This email and any files transmitted with it are confidential,
> proprietary and intended solely for the individual or entity to whom
> they are addressed. If you have received this email in error please
> delete it immediately.
>
>
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160517/fbd9fb04/attachment.htm>
More information about the Freeipa-users
mailing list