[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: per-dn limits



> Hi all
>
> I have reproduced the same behaviour with 2.4.28 on Linux and Solaris.
>
> Any chance this is a recursion/bug?


The "limits" statement is database-specific; where did you put it in
slapd.conf?  It must be within the database it applies to.

p.

> krgds /markus
>
> On 11/24/11 21:23, Markus Wernig wrote:
>> Hello all
>>
>> I do not seem to be able to get per-dn limits working ...
>>
>> openldap-2.4.25 on Solaris 11 x86
>>
>> I have put the following in slapd.conf:
>>
>> limits dn.exact="cn=repl_ldap,dc=domain,dc=com"
>>         size=unlimited
>>         time=unlimited
>>
>> access to *
>>         by dn="cn=repl_ldap,dc=domain,dc=com" read
>> 	...
>>
>> (obviously the syncrepl user ;-)
>>
>> and also:
>> syncrepl rid=1
>> ...
>> 	sizelimit="unlimited"
>> 	timelimit="unlimited"
>> 	searchbase="dc=domain,dc=com"
>> 	binddn="n=repl_ldap,dc=domain,dc=com"
>>
>> on the consumer side
>>
>>
>> But the DN always gets a maximum of 500 entries, whether using
>> ldapsearch or during replication:
>>
>> # ldapsearch -x -h localhost '(objectClass=*)'
>> -D"cn=repl_ldap,dc=domain,dc=com" -W -b "dc=domain,dc=com"
>> Enter LDAP Password:XXXX
>>
>> [...]
>>
>> # search result
>> search: 2
>> result: 4 Size limit exceeded
>>
>> # numResponses: 501
>> # numEntries: 500
>>
>> While there are ~700 entries in the directory.
>>
>>
>> The same happens during replication, where only 500 entries are synced
>> to the consumer (eg. if I delete the local DB on the consumer and
>> restart slapd)
>>
>> Only if I set
>> ...
>> sizelimit	unlimited
>> timelimit	unlimited
>> ...
>>
>> globally in the provider's slapd.conf (i.e. before any database
>> definition), does repl_ldap receive all entries.
>>
>> Is there anything else I need to configure in order to allow the DN
>> access to all entries?
>>
>> thx /markus
>>
>> PS: I have also tried different variants of the following:
>> limits dn.exact="cn=repl_ldap,dc=domain,dc=com" time.soft=unlimited
>> time.hard=unlimited size.soft=unlimited size.hard=unlimited
>>
>
>
>