Re: 8 principal limitation in openldap
- To: Srivatsav M <firstname.lastname@example.org>
- Subject: Re: 8 principal limitation in openldap
- From: Marco Pizzoli <email@example.com>
- Date: Fri, 25 Mar 2011 15:53:33 +0100
- Cc: firstname.lastname@example.org
- In-reply-to: <AANLkTinp186an=GS0mXacbBzq3J+FxdTrn1jH54dkki6@mail.gmail.com>
- References: <AANLkTinp186an=GS0mXacbBzq3J+FxdTrn1jH54dkki6@mail.gmail.com>
I could be corrected if I'm wrong, but this problem is not related to OpenLDAP. It's an nss_ldap problem.
nss_ldap is a client library that's used by Linux vendors to achieve seamless integration of users against *an* LDAP server.
I had a similar problem with a complex configuration and bypassed (not solved) the problem by modifying my client configuration.
I reduced the number of LDAP servers configured to be accessed: from 4 to 3.
I reduced the number of users defined in the nss_initgroups_ignoreusers directive: I had about 40 listed in it...
Make some tries and tell me if you can solve it.
On Thu, Mar 24, 2011 at 9:25 PM, Srivatsav M <email@example.com> wrote:
We are using OpenLDAP for authenticating users registered in an LDAP server (OpenLDAP, Active Directory). After adding 8 principals (/etc/ldap.conf), none of the users registered in the /etc/ldap.conf file are able to log in.
Can you please share the reason for this 7 limitation in the OpenLDAP library, or how I can fix this issue? I am looking for the header file in the source files which has this constant or limitation defined.
Tried googling, but it appears that no one has encountered this issue. Some customers are running into this issue and it has become a severity 1 issue to fix.
It is not the one who never falls who is strong, but the one who, in falling, has the strength to get back up.