[Freeipa-users] Can't set nsslapd-sizelimit

Martin Babinsky mbabinsk at redhat.com
Tue May 17 11:30:21 UTC 2016


On 05/16/2016 11:19 PM, Giuseppe Sarno wrote:
> Hello,
>
> I am new to freeIPA and I am recently working on a project to integrate
> freeIPA with some legacy application which uses LDAP for user management.
>
> I have initially created our own ldap structure and I tried to run the
> code against freeIPA/389DS. While running this example I noticed that
> 389DS takes quite some time to load profile data from the different ldap
> nodes (~2000 entries). In a previous prototype using OpenDJ we had to
> increase the parameter ds-cfg-size-limit: to ~1000 with good results. I
> am wondering now whether we can do the same for the freeIPA/389DS
> server. I found the following pages but I could not work out what the
> exact command should be to modify those parameters.
>
>
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>
>
>
> http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html
>
>
>
> I attempted the following but received an ObjectClass violation:
>
>
>
> [centos@ldap-389ds-ireland ~]$ ldapmodify  -h ldap-389ds-ip -D
> "cn=Directory Manager" -w '<password>' -f slimit
> modifying entry "dc=ldap,dc=adeptra,dc=com"
> ldap_modify: Object class violation (65)
>         additional info: attribute "nsslapd-sizelimit" not allowed
>
>
>
> slimit:
>
> dn: dc=ldap,dc=example,dc=com
> changetype: modify
> add:nsslapd-sizelimit
> nsslapd-sizelimit: 1000
>
>
>
> I also attempted using a user dn but with the same result.
>
>
>
> Can anybody help ?
>
>
>
> Thanks,
>
> Giuseppe.

Hi Giuseppe,

the best way to tweak directory server configuration is this:

1.) stop directory server (systemctl stop dirsrv@EXAMPLE-COM)

2.) edit /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif file:
locate the nsslapd-sizelimit entry and change the value

3.) start directory server (systemctl start dirsrv@EXAMPLE-COM)

You should see the new value if you search for it in the 'cn=config' 
subtree which hosts the configuration (not the dc=example,dc=com suffix 
you use).

-- 
Martin^3 Babinsky
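
Added example (not part of the original message, and not FreeIPA or 389 DS project code): a shell sketch of step 2 above that changes nsslapd-sizelimit only inside the "dn: cn=config" entry of dse.ldif and keeps a .bak copy for rollback. The helper names set_sizelimit and get_sizelimit are hypothetical, and the ldapsearch check in the comments assumes the OpenLDAP client tools.

```shell
#!/bin/sh
# Added example; set_sizelimit/get_sizelimit are hypothetical helper names.
# Intended sequence (instance name EXAMPLE-COM as in the reply above):
#   systemctl stop dirsrv@EXAMPLE-COM
#   set_sizelimit /etc/dirsrv/slapd-EXAMPLE-COM/dse.ldif 1000
#   systemctl start dirsrv@EXAMPLE-COM
#   ldapsearch -D "cn=Directory Manager" -W -b cn=config -s base nsslapd-sizelimit

# Print nsslapd-sizelimit from the "dn: cn=config" entry only.
get_sizelimit() {
    awk '
        /^$/ { in_cfg = 0 }
        tolower($0) == "dn: cn=config" { in_cfg = 1 }
        in_cfg && tolower($0) ~ /^nsslapd-sizelimit:/ {
            sub(/^[^:]*:[ ]*/, ""); print
        }
    ' "$1"
}

# Replace (or add) nsslapd-sizelimit in the cn=config entry of a dse.ldif.
set_sizelimit() {
    file=$1 limit=$2
    case $limit in
        -1) ;;                                  # -1 = no limit
        ''|*[!0-9]*) echo "invalid limit: $limit" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1       # rollback copy
    # Write back into the same file so owner and mode are preserved.
    awk -v limit="$limit" '
        function end_entry() {
            if (in_cfg && !seen) print "nsslapd-sizelimit: " limit
            in_cfg = 0; seen = 0
        }
        /^$/ { end_entry(); print; next }
        tolower($0) == "dn: cn=config" { in_cfg = 1 }
        in_cfg && tolower($0) ~ /^nsslapd-sizelimit:/ {
            print "nsslapd-sizelimit: " limit; seen = 1; next
        }
        { print }
        END { end_entry() }
    ' "$file.bak" > "$file" || { cp -p "$file.bak" "$file"; return 1; }
}
```

Entries other than cn=config that carry the same attribute name are left untouched, and a non-numeric limit is rejected before the file is modified.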