strange problem with group of more than 2000 users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

thanks
i set the sizelimit to -1 but it don t  works better
i set nssizelimit to -1 of the proxyagent which is used to bind to the 
directory but same result
i look at the logs and when i use id or getent there is directory query
it seems crazy i can t have more than 2000 users in a group
i search the limit of users i can have
basile

Jeff Clowser wrote:

> It could be a limit on the sizes of groups, etc in Solaris.
>
> To check to see if it's LDAP related, look at the ldap access logs for 
> queries related to that group or coming from that machine.  Anyway, 
> 2000 I believe is the default sizelimit for searches, so look for 
> entries with 2000 results, if it's consistently failing at 2000 
> users.  If it's just reading the group with 2000+ static members (1 
> entry), then maybe reading each user individually (1 entry/search), it 
> shouldn't hit a resource limit.  But...  if it reads the group, then 
> searches for all users with that group id, or something similar, it 
> may hit the administrative limits.
>
> For a simple test, you could up the sizelimit (say to 10000 or -1) on 
> the directory server and see if the problem goes away.
>
> If you find something like this, there are a couple ways to fix it:
> 1.  Up your server administrative sizelimit (to a higher number, or -1 
> for unlimited).  This should be a last resort, since it allows anyone 
> (even anonymous) to make unlimited size searches against your 
> directory.  If your directory is large, that could cause problems.
> 2.  If the solaris box is binding as a particular DN to search, you 
> can add the nsSizeLimit to that entry, and set it to a higher value 
> (or -1 for unlimited).
> 3.  If it binds as the end user, you can add nsSizelimit to each user 
> that can log in.  This is a bit more of a pain to do since you have to 
> do it for all users, but is better than increasing the limit for the 
> entire server, in general.
>
> - Jeff
>
> basile au siris wrote:
>
>> hi
>> i have fds 7.1 on solaris 9 and users and group stored in the directory
>> all works fine except for a group of more than 2000 users
>> when i use id or getent system did not recognize the group
>> maybe it s not a fds problem but if someone can give me an idea
>> thanks
>> basile
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux