[Freeipa-users] Can't set nsslapd-sizelimit
Ludwig Krispenz
lkrispen at redhat.com
Tue May 17 13:51:42 UTC 2016
On 05/17/2016 12:49 PM, Ludwig Krispenz wrote:
>
> On 05/16/2016 11:19 PM, Giuseppe Sarno wrote:
>>
>> Hello,
>>
>> I am new to freeIPA and I am recently working on a project to
>> integrate freeIPA with some legacy application which uses LDAP for
>> user management.
>>
>> I have initially created our own ldap structure and I tried to run
>> the code against freeIPA/389DS. While running this example I noticed
>> that 389DS takes quite some time to load profile data from the
>> different ldap nodes (~2000 entries). In a previous prototype using
>> OpenDJ we had to increase the parameter ds-cfg-size-limit: to ~1000
>> with good results. I am wondering now whether we can do the same for
>> the freeIPA/389DS server. I found the following pages but I could not
>> work out what the exact command should be to modify those parameters.
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>>
>> http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html
>>
>> I attempted the following but received a ObjectClass violation:
>>
>> [centos at ldap-389ds-ireland ~]$ ldapmodify -h ldap-389ds-ip -D
>> "cn=Directory Manager" -w '<password>' -f slimit
>>
>> modifying entry "dc=ldap,dc=adeptra,dc=com"
>>
>> ldap_modify: Object class violation (65)
>>
>> additional info: attribute "nsslapd-sizelimit" not allowed
>>
>> slimit:
>>
>> dn: dc=ldap,dc=example,dc=com
>>
>> changetype: modify
>>
>> add:nsslapd-sizelimit
>>
>> nsslapd-sizelimit: 1000
>>
>> I also attempted using a user dn but with the same result.
>>
> the example in the doc is unfortunately incorrect,
in the latest doc it is corected:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Finding_Directory_Entries.html#Setting_Resource_Limits_Based_on_the_Bind_DN-Setting_Resource_Limits_Using_the_Command_Line
> nsslapd-sizelimit is the general limit in cn=config, the attribute per
> user is nsSizeLimit ( as used in the text in teh doc).
> And you have to add it to a user used for binding
>>
>> Can anybody help ?
>>
>> Thanks,
>>
>> Giuseppe.
>>
>>
>> Fair Isaac Services Limited (Co. No. 01998476) and Fair Isaac
>> (Adeptra) Limited (Co. No. 03295455) are registered in England and
>> Wales and have a registered office address of Cottons Centre, 5th
>> Floor, Hays Lane, London, SE1 2QP.
>>
>> This email and any files transmitted with it are confidential,
>> proprietary and intended solely for the individual or entity to whom
>> they are addressed. If you have received this email in error please
>> delete it immediately.
>>
>>
>
> --
> Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
>
>
--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160517/4ea31704/attachment.htm>
More information about the Freeipa-users
mailing list