[Freeipa-users] Can't set nsslapd-sizelimit

Ludwig Krispenz lkrispen at redhat.com
Tue May 17 13:51:42 UTC 2016 

On 05/17/2016 12:49 PM, Ludwig Krispenz wrote:
>
> On 05/16/2016 11:19 PM, Giuseppe Sarno wrote:
>>
>> Hello,
>>
>> I am new to freeIPA and I am recently working on a project to 
>> integrate freeIPA with some legacy application which uses LDAP for 
>> user management.
>>
>> I have initially created our own ldap structure and I tried to run 
>> the code against freeIPA/389DS. While running this example I noticed 
>> that 389DS takes quite some time to load profile data from the 
>> different ldap nodes (~2000 entries). In a previous prototype using 
>> OpenDJ we had to increase the parameter ds-cfg-size-limit: to ~1000 
>> with good results. I am wondering now whether we can do the same for 
>> the freeIPA/389DS server. I found the following pages but I could not 
>> work out what the exact command should be to modify those parameters.
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/User_Account_Management-Setting_Resource_Limits_Based_on_the_Bind_DN.html
>>
>> http://directory.fedoraproject.org/docs/389ds/howto/howto-ldapsearchmanyattr.html
>>
>> I attempted the following but received a ObjectClass violation:
>>
>> [centos at ldap-389ds-ireland ~]$ ldapmodify  -h ldap-389ds-ip -D 
>> "cn=Directory Manager" -w '<password>' -f slimit
>>
>> modifying entry "dc=ldap,dc=adeptra,dc=com"
>>
>> ldap_modify: Object class violation (65)
>>
>> additional info: attribute "nsslapd-sizelimit" not allowed
>>
>> slimit:
>>
>> dn: dc=ldap,dc=example,dc=com
>>
>> changetype: modify
>>
>> add:nsslapd-sizelimit
>>
>> nsslapd-sizelimit: 1000
>>
>> I also attempted using a user dn but with the same result.
>>
> the example in the doc is unfortunately incorrect, 
in the latest doc it is corected: 
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Finding_Directory_Entries.html#Setting_Resource_Limits_Based_on_the_Bind_DN-Setting_Resource_Limits_Using_the_Command_Line
> nsslapd-sizelimit is the general limit in cn=config, the attribute per 
> user is nsSizeLimit ( as used in the text in teh doc).
> And you have to add it to a user used for binding
>>
>> Can anybody help ?
>>
>> Thanks,
>>
>> Giuseppe.
>>
>>
>> Fair Isaac Services Limited (Co. No. 01998476) and Fair Isaac 
>> (Adeptra) Limited (Co. No. 03295455) are registered in England and 
>> Wales and have a registered office address of Cottons Centre, 5th 
>> Floor, Hays Lane, London, SE1 2QP.
>>
>> This email and any files transmitted with it are confidential, 
>> proprietary and intended solely for the individual or entity to whom 
>> they are addressed. If you have received this email in error please 
>> delete it immediately.
>>
>>
>
> -- 
> Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
> Commercial register: Amtsgericht Muenchen, HRB 153243,
> Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
>
>

-- 
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160517/4ea31704/attachment.htm>

More information about the Freeipa-users mailing list