Try setting the nslookthroughlimit to 5000 (or -1 for unlimited) on the entry you are binding with. Alternatively, you can set the nsslapd-lookthroughlimit to 5000 (or -1 for unlimited) in the cn=config,cn=ldbm database,cn=plugins,cn=config entry but doing so will remove the lookthroughlimit restriction for ANYONE searching the directory. In addition, I would avoid using a complex search with "objectClass=inetOrgPerson" if the filter "uid=926*" is sufficient. David Ritenour Senior Directory Engineer 513 Madison Street SE Huntsville, AL 35801 -----Original Message----- From: Rainer Duffner <rainer@xxxxxxxxxxxxxxx> Sent: Wednesday, June 1, 2022 11:45 AM To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx> Subject: [389-users] another question: searches running into administrative limits ** WARNING: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi, when searching for something like this: LDAPTLS_REQCERT=never ldapsearch -xLLL -H ldaps://127.0.0.1:636 -D "cn=bla,dc=users,dc=bla,dc=org,dc=da" -W -b 'dc=ble,dc=bla,dc=org,dc=da' -s sub -a always "(&(objectclass=inetOrgPerson)(uid=926*))" "uid" "objectClass" I get the "Administrative limit exceeded (11)“ error message. There are less than 5000 entries in that directory - and I’ve set the size-limit to 5000 subsequently (from the default 2000). I then created a Browsing Index on the „ble“ directory - but I still the the error message. Also enabled SubString Indexes for the uid attribute. What else could there be? Rainer _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email and any such files in error and that any use, dissemination, forwarding, printing or copying of this email and/or any such files is strictly prohibited. If you have received this email in error please immediately notify hr@xxxxxxxxxxxxx - (855) 212-1810 , and destroy the original message and any such files. _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
