Re: another question: searches running into administrative limits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 6/1/22 4:11 PM, Pierre Rogier wrote:
Hi Rainer,

try:
   dsconf instanceName backend config set --idlistscanlimit  5000
Note: you must perform a full reindex or a reimport after changing this value

Actually you don't need to do that in 389ds (only SunDS), in 389DS we actually index everything regardless of this setting.  So making that config change will work right away, but really I think you need to set the lookthroughlimit like David suggested:

# dsconf instanceName backend config set --lookthroughlimit 5000


Mark


FYI: Browsing (or VLV) index does not help unless you are also using
VLV controls in the search request

On Wed, Jun 1, 2022 at 6:24 PM David Ritenour <d.ritenour@xxxxxxxxxxxxx> wrote:
Try setting the nslookthroughlimit to 5000 (or -1 for unlimited) on the entry you are binding with.

Alternatively, you can set the nsslapd-lookthroughlimit to 5000 (or -1 for unlimited) in the cn=config,cn=ldbm database,cn=plugins,cn=config entry but doing so will remove the lookthroughlimit restriction for ANYONE searching the directory.

In addition, I would avoid using a complex search with "objectClass=inetOrgPerson" if the filter "uid=926*" is sufficient.

David Ritenour
Senior Directory Engineer
513 Madison Street SE
Huntsville, AL 35801




-----Original Message-----
From: Rainer Duffner <rainer@xxxxxxxxxxxxxxx>
Sent: Wednesday, June 1, 2022 11:45 AM
To: General discussion list for the 389 Directory server project. <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [389-users] another question: searches running into administrative limits

** WARNING: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


Hi,


when searching for something like this:

LDAPTLS_REQCERT=never ldapsearch  -xLLL -H ldaps://127.0.0.1:636 -D "cn=bla,dc=users,dc=bla,dc=org,dc=da" -W -b 'dc=ble,dc=bla,dc=org,dc=da' -s sub -a always "(&(objectclass=inetOrgPerson)(uid=926*))" "uid" "objectClass"

I get the "Administrative limit exceeded (11)“ error message.

There are less than 5000 entries in that directory - and I’ve set the size-limit to 5000 subsequently (from the default 2000).

I then created a Browsing Index on the „ble“ directory - but I still the the error message.
Also enabled SubString Indexes for the uid attribute.

What else could there be?


Rainer
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. If you are not the intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email and any such files in error and that any use, dissemination, forwarding, printing or copying of this email and/or any such files is strictly prohibited. If you have received this email in error please immediately notify hr@xxxxxxxxxxxxx - (855) 212-1810 , and destroy the original message and any such files.
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


--
Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux