[Date Prev][Date Next] [Chronological] [Thread] [Top]

per-dn limits

Hello all

I do not seem to be able to get per-dn limits working ...

openldap-2.4.25 on Solaris 11 x86

I have put the following in slapd.conf:

limits dn.exact="cn=repl_ldap,dc=domain,dc=com"

access to *
        by dn="cn=repl_ldap,dc=domain,dc=com" read

(obviously the syncrepl user ;-)

and also:
syncrepl rid=1

on the consumer side

But the DN always gets a maximum of 500 entries, whether using
ldapsearch or during replication:

# ldapsearch -x -h localhost '(objectClass=*)'
-D"cn=repl_ldap,dc=domain,dc=com" -W -b "dc=domain,dc=com"
Enter LDAP Password:XXXX


# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500

While there are ~700 entries in the directory.

The same happens during replication, where only 500 entries are synced
to the consumer (eg. if I delete the local DB on the consumer and
restart slapd)

Only if I set
sizelimit	unlimited
timelimit	unlimited

globally in the provider's slapd.conf (i.e. before any database
definition), does repl_ldap receive all entries.

Is there anything else I need to configure in order to allow the DN
access to all entries?

thx /markus

PS: I have also tried different variants of the following:
limits dn.exact="cn=repl_ldap,dc=domain,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited