[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.4 syncrepl - Size limit exceeded error in consumer end

Hi Brett,

I was on a vacation for past few days. That's why I couldn't check my e-mails.Thanks for your tips. Somehow, your e-mail didn't got delivered to my AOL mail Inbox :-(

I checked your mail from openldap-software mailing list archives after seeing reply from Howard.

Both the limits configuration(dn.exact, group/groupOfUniqueNames/uniqueMember) you suggested worked for me like a charm. That was really helpful.


I tried the following syntaxes

limits group/groupOfNames/member = "cn=LDAPAdmins,ou=Groups,dc=example,dc=com" size=unlimited time=unlimited


limits group/groupOfNames/member.exact="cn=LDAPAdmins,ou=Groups,dc=example,dc=co
m" size=unlimited time=unlimited

But, it didn't worked. I was still getting the same "Limit exceeded" error when I tried ldapsearch with
-D "uid=synscrepl,ou=System,dc=example,dc=com".

However, the one suggested by Brett

limits group/groupOfUniqueNames/uniqueMember="cn=LDAPAdmins,ou=Groups,dc=example
,dc=com" size=unlimited time=unlimited

worked without any issues.

Thanks & Regards,
Karthik Dathathri

-----Original Message-----
From: Howard Chu <hyc@symas.com>
To: Brett @Google <brett.maxfield@gmail.com>
Cc: openldap-software@openldap.org
Sent: Thu, 23 Oct 2008 5:17 am
Subject: Re: OpenLDAP 2.4 syncrepl - Size limit exceeded error in consumer end

Brett @Google wrote:
Why dont you try :

limits dn.exact="uid=syncrepl,ou=System,dc=example,dc=com"
size=unlimited time=unlimited

As a test on the provider, maybe your group is not being expanded as

Group syntax seen elsewhere in this list have looked is more like :

The group syntax is already documented in slapd.conf(5). No need to tell what
it's "sort of like as seen on this list" - tell precisely what it is.


size=unlimited time=unlimited

As noted in slapd.conf(5) the default objectclass and attribute are
groupOfNames and member, respectively. groupOfUniqueNames and uniqueMember are
totally bogus in LDAP.

I'd suggest trying the test again with the dn.exact one first, and if
that works then try the other.

-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

You are invited to Get a Free AOL Email ID. - http://webmail.aol.in