i did a test with 643 users it works with 800 users it don t works could it be timers problem ( time_search_limit or time_bind_limit for proxyagent wich is used to query directory ) basile basile au siris wrote: > thanks > i set the sizelimit to -1 but it don t works better > i set nssizelimit to -1 of the proxyagent which is used to bind to the > directory but same result > i look at the logs and when i use id or getent there is directory query > it seems crazy i can t have more than 2000 users in a group > i search the limit of users i can have > basile > > Jeff Clowser wrote: > >> It could be a limit on the sizes of groups, etc in Solaris. >> >> To check to see if it's LDAP related, look at the ldap access logs >> for queries related to that group or coming from that machine. >> Anyway, 2000 I believe is the default sizelimit for searches, so look >> for entries with 2000 results, if it's consistently failing at 2000 >> users. If it's just reading the group with 2000+ static members (1 >> entry), then maybe reading each user individually (1 entry/search), >> it shouldn't hit a resource limit. But... if it reads the group, >> then searches for all users with that group id, or something similar, >> it may hit the administrative limits. >> >> For a simple test, you could up the sizelimit (say to 10000 or -1) on >> the directory server and see if the problem goes away. >> >> If you find something like this, there are a couple ways to fix it: >> 1. Up your server administrative sizelimit (to a higher number, or >> -1 for unlimited). This should be a last resort, since it allows >> anyone (even anonymous) to make unlimited size searches against your >> directory. If your directory is large, that could cause problems. >> 2. If the solaris box is binding as a particular DN to search, you >> can add the nsSizeLimit to that entry, and set it to a higher value >> (or -1 for unlimited). >> 3. If it binds as the end user, you can add nsSizelimit to each user >> that can log in. This is a bit more of a pain to do since you have >> to do it for all users, but is better than increasing the limit for >> the entire server, in general. >> >> - Jeff >> >> basile au siris wrote: >> >>> hi >>> i have fds 7.1 on solaris 9 and users and group stored in the directory >>> all works fine except for a group of more than 2000 users >>> when i use id or getent system did not recognize the group >>> maybe it s not a fds problem but if someone can give me an idea >>> thanks >>> basile >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
