
sizelimit



Hi all,

I cannot get a limits directive in my slapd.conf to take effect. I need a user (cn=replicator,ou=AppUsers,dc=company,dc=net) to have read access to all entries of a database.
The global sizelimit (1000) seems to override any per-database directive. Every ldapsearch returns "4 Size limit exceeded".

openldap version : 2.4.42
here is a sample of my slapd.conf

...
# Define global ACLs to disable default read access.
# NOTE(review): no ACL follows this heading in the excerpt; the directives
# below are global search limits and process settings, not access rules.

# Global default: at most 1000 entries are returned per search. It applies to
# every identity that has no matching per-database `limits` rule.
sizelimit 1000
# Global default: at most 5 seconds are spent answering one search.
timelimit 5

# Threads used by the offline tools (slapadd, slapindex), not by the server.
tool-threads    8

pidfile         /usr/local/var/run/slapd.pid
argsfile        /usr/local/var/run/slapd.args

#######################################################################
# database definitions
#######################################################################

#########################################
# Directories DATABASE
#########################################
database        mdb
suffix          "ou=Directories,dc=company,dc=net"
# Glues this database under the superior database whose naming context
# contains the suffix above; searches against the superior are propagated here.
# NOTE(review): a search whose base lies in the superior database may be
# governed by that database's limits rather than the ones set here -- confirm.
subordinate
# Flush database buffers after 1024 KB written or 5 minutes, whichever is first.
checkpoint      1024    5
# Durability trade-off: changes are not synced to disk immediately, so an OS
# crash can lose the transactions written since the last flush.
dbnosync
# Maximum database size in bytes (10 GiB).
maxsize         10737418240
# Writable memory map: faster writes, but a stray write inside slapd can
# corrupt the database file directly.
envflags        writemap
# The rootdn is exempt from access control and from size/time limits on this
# database. No rootpw appears in this excerpt.
rootdn          "cn=admin,dc=company,dc=net"

# Mode 700 recommended.
directory       /var/lib/openldap/ldap

# acl
# Maps a SASL DIGEST-MD5 identity (uid=<name>,cn=digest-md5,cn=auth) to the
# entry found by a subtree search under ou=company,dc=company,dc=net; the
# captured user name ($1) is placed into the search filter.
# DIGEST-MD5 needs the server to have access to the cleartext password, which
# limits how credentials for these entries can be stored.
authz-regexp uid=([^,]*),cn=digest-md5,cn=auth ldap:///ou=company,dc=company,dc=net??sub?(&(objectclass=psnDirectoryContact)(cli=sipdefault:$1))

# First rule: the replicator account gets write (which implies read) on every
# entry and attribute of this database; `by * break` sends all other
# identities on to the later rules instead of stopping here.
# NOTE(review): the post says this account only needs read access; `write` is
# broader than that -- confirm it is intended.
access to *
        by dn.exact="cn=replicator,ou=AppUsers,dc=company,dc=net" write
        by * break

...........

# Protects userPassword under ou=AppUsers: unauthenticated clients may use it
# only to authenticate (bind), and no one else can read or write it through
# this rule. The replicator account never reaches this rule, because the
# earlier `access to *` rule already matched it.
access to dn.sub="ou=AppUsers,dc=company,dc=net" attrs=userpassword
        by anonymous auth
        by * none

# Indices to maintain
# pres = presence, eq = equality, sub = substring.
# Searches on unindexed attributes force slapd to examine candidate entries
# one by one. The equality indexes on entryUUID and entryCSN are the ones
# replication searches use.
index   cn,dc,sn,uid,mail,telephoneNumber pres,eq,sub
index   arecord,description eq
index   objectClass,macAddress,custID,locationID,zoneGroupPrefix,entryUUID,entryCSN    pres,eq

# Sync Repl
# syncprov lets this database serve replication to consumers.
overlay syncprov
# all standard entries in the accesslog that were successful
# The syncrepl stanza makes this database a delta-syncrepl consumer as well:
# it replays successful writes (reqResult=0) from cn=accesslog_directories over
# a persistent connection and retries every 60 seconds indefinitely.
# Security: the provider URL uses plain ldap:// with a simple bind and no
# starttls= or tls_* parameter, so the bind DN and password would cross the
# network unencrypted unless the elided part of the URL or config adds TLS.
# The password is also stored in cleartext in this file, so slapd.conf should
# be readable only by the slapd user.
# (These notes sit above the directive because a comment placed between the
# indented continuation lines would absorb the lines that follow it.)
syncrepl  rid=0
          provider=ldap://
          bindmethod=simple
          binddn="cn=user,ou=login,cn=system"
          credentials=secret
          searchbase="ou=Directories,dc=company,dc=net"
          logbase="cn=accesslog_directories"
          logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
          schemachecking=on
          type=refreshAndPersist
          retry="60 +"
          syncdata=accesslog

#limits
# Per-database override: lifts the size and time limits for the replicator
# account only. With no .soft/.hard specifier, the value sets the soft limit
# and the hard limit follows it.
# This rule applies only to operations handled by this database.
# NOTE(review): because the database is declared `subordinate`, a search based
# in the superior database may not be covered by this rule -- confirm.
# An account with unlimited results can pull the whole database in one search,
# so keep the dn.exact match and protect its credentials.
limits dn.exact="cn=replicator,ou=AppUsers,dc=company,dc=net" size=unlimited  time=unlimited

....

thanks in advance.