[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: limits in openldap 2.3

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: limits in openldap 2.3
From: Oliver Henriot <Oliver.Henriot@imag.fr>
Date: Tue, 03 Mar 2009 08:35:40 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <E57747D237EB74E8060B0D83@[192.168.1.199]>
References: <49ABF9AE.8070601@imag.fr> <E57747D237EB74E8060B0D83@[192.168.1.199]>
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Quanah and list members,

Indeed, man slapd.conf should have my first guess. Thank you for
pointing it out.

Nonetheless, I can't get the limits to work.
In my master slapd.conf I have :

   limits dn.exact="cn=repuser,dc=mydom,dc=fr" size.soft=unlimited
size.hard=unlimited size.unchecked=unlimited

In my replica slapd.conf syncrepl section I have :

   bindmethod=simple
   binddn="cn=repuser,dc=mydom,dc=fr"
   credentials=secret
   updatedn="cn=repuser,dc=mydom,dc=fr"

However, when I try to sync the replica with the master, it stops after
looking up 500 entries. I end up with an incomplete replica which never
goes beyond the same point. The limit is confirmed by :

# grep be_search slapd.log | wc -l
500

in the replica log (I set loglevel to 16384 for this test).
That, with the fact that I couldn't find the limits directive in the
openldap documentation, is what made me wrongly presume that limits
didn't work in openldap 2.3. Sorry for the confusion.

If I use "sizelimit unlimited" in my master slapd.conf the problem
disappears without modifying any other parameter.

I presume it's my limits directive that has a problem.
I don't think it's the user dn, the user exists in the master directory :

$ ldapsearch -x -H ldaps://master.mydom.fr:636/ -b "dc=mydom,dc=fr" -LLL
"(cn=repuser)" dn
dn: cn=repuser,dc=mydom,dc=fr

and anyway it wouldn't work at all, not just for 500 entries.

So why are default limits overriding my limits? I really can't work out
what I'm doing wrong. Any help would be greatly appreciated.

Thanks,

Dans sa grande sagesse, Quanah Gibson-Mount a écrit, le 02.03.2009 18:45 :
> --On Monday, March 02, 2009 4:22 PM +0100 Oliver Henriot
> <Oliver.Henriot@imag.fr> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Dear list members,
>>
>> Is there a mechanism to control acces limits in openldap 2.3 similar to
>> what can be achieved with the openldap 2.4 limits directive
>> (http://www.openldap.org/doc/admin24/limits.html)?
>>
>> Appart from sizelimit and timelimit, which are not dn specific and
>> therefore do not allow the same fine tuning as the limits directive, I
>> haven't found anything. Maybe I missed it?
> 
> The "limits" directive is also part of OpenLDAP 2.3.
> 
> <http://www.openldap.org/software/man.cgi?query=slapd.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.3-Release&format=html>
> 
> 
> --Quanah
> 
> -- 
> 
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration

- --
Oliver Henriot B.Sc. Ph.D. | Technicien de Maintenance
Moyens Informatiques et Multimédia | UMS MI2S | http://mi2s.imag.fr/
Domaine universitaire BP53 | 38041 Grenoble cedex 9 | France
tel.: +33 4 76 51 43 48 | fax: +33 4 76 51 47 15

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkms3csACgkQSWuBJnHIHdLQawCg5R/A3QeQOZNWIIADqIY0kRWp
VeMAniEOGIV3Do+udWs36adiqyK3NQMK
=YZ+/
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: limits in openldap 2.3
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- limits in openldap 2.3
  - From: Oliver Henriot <Oliver.Henriot@imag.fr>
- Re: limits in openldap 2.3
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: OpenLDAP 2.4.15 : CSN too old when using 4-way multimaster
Next by Date: Re: limits in openldap 2.3
Index(es):
- Chronological
- Thread