Hi Everyone,
I am building a new LDAP v 2.4 cluster. We do not allow anonymous binds and set "sizelimit 1" for all users except our service account used for binding.
limits dn.exact="uid=important,ou=sa,dc=blah" size=unlimited time=unlimited
provides the bind account unlimited results.
However, for group members, I am still hitting the "sizelimit 1" when trying:
limits group/posixGroup/memberUid="cn=admins,dc=blah" size=unlimited time=unlimited
Our group entry in LDAP:
# admins, group, ldap.server
dn: cn=admins,dc=blah
objectClass: posixGroup
objectClass: top
cn: admins
memberUid: admin1
memberUid: admin2
From reading the slapd.conf man page, it seems we're not using the default objectclass "groupOfNames" or attribute "member"; however, when I use the defaults, or the above which exist in our directory, I still hit "sizelimit 1." Of course, using dn.exact for our individual accounts works, though I don't want to touch slapd.conf every time we hire someone.
Do you have any insight into what could be causing this behavior? I have not found the answer yet through extensive searching of the internets.
Thanks,
Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
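
Added example, not part of the original message: an offline check of whether a bound DN would be selected by a "limits group" directive, run against the group entry and directive quoted in the post. It assumes that slapd tests group membership by comparing the bound DN with the values of the named group attribute as DNs; the user DN, the groupOfNames entry and the simplified DN normalization are constructed for illustration.

```python
import re
# Group entry and limits directive as quoted in the post.
GROUP_LDIF = """\
dn: cn=admins,dc=blah
objectClass: posixGroup
objectClass: top
cn: admins
memberUid: admin1
memberUid: admin2
"""
LIMITS = 'limits group/posixGroup/memberUid="cn=admins,dc=blah" size=unlimited time=unlimited'
# Constructed counter-example: same group, DN-valued members, default oc/attr.
DN_GROUP_LDIF = """\
dn: cn=admins,dc=blah
objectClass: groupOfNames
cn: admins
member: uid=admin1,ou=people,dc=blah
"""
DN_LIMITS = 'limits group="cn=admins,dc=blah" size=unlimited time=unlimited'
BOUND_DN = "uid=admin1,ou=people,dc=blah"  # constructed; the post gives no user DNs
SELECTOR = re.compile(r'^limits\s+group(?:/([^/=]+))?(?:/([^/=]+))?="([^"]*)"')

def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into {lowercased attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def parse_group_selector(directive):
    """Return (objectClass, attribute, group DN); defaults are groupOfNames/member."""
    m = SELECTOR.match(directive)
    if not m:
        raise ValueError("not a 'limits group' directive")
    return m.group(1) or "groupOfNames", m.group(2) or "member", m.group(3)

def norm_dn(dn):
    """Simplified DN normalization (assumption): lowercase, trim around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def limit_applies(directive, entry, bound_dn):
    """True if bound_dn appears, as a DN, in the group attribute the directive names."""
    oc, attr, group_dn = parse_group_selector(directive)
    same_group = norm_dn(entry["dn"][0]) == norm_dn(group_dn)
    classes = {v.lower() for v in entry.get("objectclass", [])}
    members = {norm_dn(v) for v in entry.get(attr.lower(), [])}
    return same_group and oc.lower() in classes and norm_dn(bound_dn) in members
```

Under that assumption the posixGroup entry never selects admin1, because its memberUid values are bare uids ("admin1") rather than DNs, while the constructed groupOfNames entry does.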