[Freeipa-users] DNS search timeouts and incomplete results
Tomas Krizek
tkrizek at redhat.com
Tue Nov 29 08:15:59 UTC 2016
On 11/28/2016 11:44 PM, Mike Driscoll wrote:
> I'm running:
> # rpm -qa | grep ipa-server
> ipa-server-4.4.0-12.0.1.el7.x86_64
> ipa-server-dns-4.4.0-12.0.1.el7.noarch
> ipa-server-common-4.4.0-12.0.1.el7.noarch
>
> Searching DNS for all hostnames containing "qa" times out in the GUI. Setting aside the option to change server defaults, this cli command isn't giving me the content I need:
>
> # ipa dnsrecord-find mydomain.com --sizelimit=10000 --timelimit=20 | grep qa
> ipa: WARNING: Search result has been truncated: Configured size limit exceeded
>
> It seems like the sizelimit parameter greater than two thousand is being ignored:
>
> # ipa dnsrecord-find mydomain.com --sizelimit=1900 --timelimit=20
> ...
> -------------------------------
> Number of entries returned 1900
> -------------------------------
>
> # ipa dnsrecord-find mydomain.com --sizelimit=2100 --timelimit=20
> ...
> -------------------------------
> Number of entries returned 2000
> -------------------------------
>
> Any suggestions?
>
> Mike
>
Hi,
you seem to be hitting the size limit on LDAP side. To verify, check
ldapsearch -D 'cn=directory manager' -W -b cn=config cn=config | grep
nsslapd-sizelimit
If you really need to increase this size limit, you will have to modify
the nsslapd-sizelimit in cn=config.
--
Tomas Krizek
More information about the Freeipa-users
mailing list