Ehmmmmmm, well, you are right. nsslapd-sizelimit is in dn "cn=default instance config,cn=chaining database,cn=plugins,cn=config", not in "cn=config" as it should. I am not sure if the change to was done after or before upgrade from 1.1.3 to 1.2.5, so i don't know if the setting was lost or not. I will verify this when we will upgrade a new server.
Regards, and sorry :).
2010/7/1 Noriko Hosoi <nhosoi@xxxxxxxxxx>
Which configuration entry does your nsslapd-sizelimit belong to?
nsslapd-sizelimit: 50000
Is it in "dn: cn=config"?
http://www.redhat.com/docs/manuals/dir-server/8.1/cli/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.html#Configuration_Command_File_Reference-cnconfig-nsslapd_sizelimit_Size_Limit
Thanks,
--noriko
On 07/01/2010 06:00 AM, Juan Asensio Sánchez wrote:-- 389 users mailing listHi
We have just realized that our servers are ignoring the parameter nsslapd-sizelimit. If we do a search of the entire directory (about 50000 entries), we have a size limit exceeded:
# ldapsearch -H ldaps://localhost -x -LLL -b "dc=XXXXX,dc=es" -D "uid=XXXXX,ou=XXXXX,o=XXXX,dc=XXXX,dc=es" -W
[....]
Size limit exceeded (4)
These are the messages in the access log:
[01/Jul/2010:14:53:35 +0200] conn=376 fd=78 slot=78 SSL connection from 127.0.0.1 to 127.0.0.1
[01/Jul/2010:14:53:35 +0200] conn=376 SSL 256-bit AES
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 BIND dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=es" method=128 version=3
[01/Jul/2010:14:53:35 +0200] conn=376 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=es"
[01/Jul/2010:14:53:35 +0200] conn=376 op=1 SRCH base="dc=XXXXX,dc=es" scope=2 filter="(objectClass=*)" attrs=ALL
[01/Jul/2010:14:53:38 +0200] conn=376 op=1 RESULT err=4 tag=101 nentries=2000 etime=3
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 UNBIND
[01/Jul/2010:14:53:42 +0200] conn=376 op=2 fd=78 closed - U1
Although we have configured a size limit of 50000:
# egrep "(^nsslapd-sizelimit:|^nsslapd-idlistscanlimit:|^nsslapd-lookthroughlimit:)" /etc/dirsrv/slapd-pruebas/dse.ldif
nsslapd-sizelimit: 50000
nsslapd-lookthroughlimit: 50000
nsslapd-idlistscanlimit: 50000
Any idea about what is happening?
Regards.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
