-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Quanah and list members, Indeed, man slapd.conf should have my first guess. Thank you for pointing it out. Nonetheless, I can't get the limits to work. In my master slapd.conf I have : limits dn.exact="cn=repuser,dc=mydom,dc=fr" size.soft=unlimited size.hard=unlimited size.unchecked=unlimited In my replica slapd.conf syncrepl section I have : bindmethod=simple binddn="cn=repuser,dc=mydom,dc=fr" credentials=secret updatedn="cn=repuser,dc=mydom,dc=fr" However, when I try to sync the replica with the master, it stops after looking up 500 entries. I end up with an incomplete replica which never goes beyond the same point. The limit is confirmed by : # grep be_search slapd.log | wc -l 500 in the replica log (I set loglevel to 16384 for this test). That, with the fact that I couldn't find the limits directive in the openldap documentation, is what made me wrongly presume that limits didn't work in openldap 2.3. Sorry for the confusion. If I use "sizelimit unlimited" in my master slapd.conf the problem disappears without modifying any other parameter. I presume it's my limits directive that has a problem. I don't think it's the user dn, the user exists in the master directory : $ ldapsearch -x -H ldaps://master.mydom.fr:636/ -b "dc=mydom,dc=fr" -LLL "(cn=repuser)" dn dn: cn=repuser,dc=mydom,dc=fr and anyway it wouldn't work at all, not just for 500 entries. So why are default limits overriding my limits? I really can't work out what I'm doing wrong. Any help would be greatly appreciated. Thanks, Dans sa grande sagesse, Quanah Gibson-Mount a écrit, le 02.03.2009 18:45 : > --On Monday, March 02, 2009 4:22 PM +0100 Oliver Henriot > <Oliver.Henriot@imag.fr> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Dear list members, >> >> Is there a mechanism to control acces limits in openldap 2.3 similar to >> what can be achieved with the openldap 2.4 limits directive >> (http://www.openldap.org/doc/admin24/limits.html)? >> >> Appart from sizelimit and timelimit, which are not dn specific and >> therefore do not allow the same fine tuning as the limits directive, I >> haven't found anything. Maybe I missed it? > > The "limits" directive is also part of OpenLDAP 2.3. > > <http://www.openldap.org/software/man.cgi?query=slapd.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.3-Release&format=html> > > > --Quanah > > -- > > Quanah Gibson-Mount > Principal Software Engineer > Zimbra, Inc > -------------------- > Zimbra :: the leader in open source messaging and collaboration - -- Oliver Henriot B.Sc. Ph.D. | Technicien de Maintenance Moyens Informatiques et Multimédia | UMS MI2S | http://mi2s.imag.fr/ Domaine universitaire BP53 | 38041 Grenoble cedex 9 | France tel.: +33 4 76 51 43 48 | fax: +33 4 76 51 47 15 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkms3csACgkQSWuBJnHIHdLQawCg5R/A3QeQOZNWIIADqIY0kRWp VeMAniEOGIV3Do+udWs36adiqyK3NQMK =YZ+/ -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature