[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Maximum number of uniqueMembers

Rébeli-Szabó Tamás wrote:

Hi all,

is there a limit for the number of attributes for entries?


No.


Specifically, I
want to have 500,000 uniqueMembers for a group entry, but I cannot add more
than 359,000. When I try to add 360,000 or more, I get:

"ldapadd: update failed ... ldap_add: Can't contact LDAP server (-1)"
There is a limit on how much data you can send in a single LDAP request. Read the slapd-config(5) or slapd.conf(5) manpage, SockbufMaxIncoming 

The group entry look like this:

dn: cn=biggroup,ou=groups,dc=test,dc=com
objectClass:top
objectClass: groupOfUniqueNames
cn: Ah, big group
uniqueMember: uid=user1,ou=users,dc=test,dc=com
uniqueMember: uid=user2,ou=users,dc=test,dc=com
...
uniqueMember: uid=user359000,ou=users,dc=test,dc=com

I have 1 million users in ou=users,dc=test,dc=com (so I haven't run into a
limit here).

I am on 2.4.41, LMDB with 4G maxsize (RHEL 5.10; 2.6.39). I have no limits set
in slapd.conf.


Another, related issue:

If I add 359k members to a group, and then I try to modify the group to add
another member, ldapadd hangs. When I trace it, all I can see is continual
ldap_result calls, that is, the client is waiting for the update operation to
end on the server, and slapd is using nearly 100% of CPU.


Read the slapd.conf(5) manpage, sortvals.


If I restart the server, I can add one member, but I cannot add say a hundred
thousand more.


Any hint is appreciated.

Regards,

tamas


<tel:+36%2030%202100%20873>






--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/