The ldap.conf man page says this:
SIZELIMIT <integer> Specifies a size limit to use when performing searches. The number should be a non-negative integer. SIZELIMIT of zero (0) specifies unlimited search size.
However it appears that putting "SIZELIMIT 0" in my ldap.conf gives a: # search result search: 2 result: 4 Size limit exceeded
To workaround this I put a very large value and it works. I am using openldap 2.4.11 compiled from source on a Slackware 10.0. Is it an openldap bug?
Thanks, Fabio
----- "Fabio Pedretti" fabio.pedretti@ing.unibs.it wrote:
The ldap.conf man page says this:
SIZELIMIT <integer> Specifies a size limit to use when performing searches. The number should be a non-negative integer. SIZELIMIT of zero (0) specifies unlimited search size.
However it appears that putting "SIZELIMIT 0" in my ldap.conf gives a: # search result search: 2 result: 4 Size limit exceeded
To workaround this I put a very large value and it works. I am using openldap 2.4.11 compiled from source on a Slackware 10.0. Is it an openldap bug?
Do you have any limits on your slapd config?
Citando Gavin Henry ghenry@suretecsystems.com:
----- "Fabio Pedretti" fabio.pedretti@ing.unibs.it wrote:
The ldap.conf man page says this:
SIZELIMIT <integer> Specifies a size limit to use when performing searches. The number should be a non-negative integer. SIZELIMIT of zero (0) specifies unlimited search size.
However it appears that putting "SIZELIMIT 0" in my ldap.conf gives a: # search result search: 2 result: 4 Size limit exceeded
To workaround this I put a very large value and it works. I am using openldap 2.4.11 compiled from source on a Slackware 10.0. Is it an openldap bug?
Do you have any limits on your slapd config?
OK, I found the problem.
In my slapd.conf I had sizelimit 0 which appears to be wrong. In this case SIZELIMT 0 in ldap.conf gives zero records, SIZELIMIT 1 gives 1 records, etc...
Changing slapd.conf to: sizelimit unlimited works correctly.
This behaviour is somewhat strange, however: 1) "sizelimit" in slapd.conf and "SIZELIMIT" options in ldap.conf are not coherent (the first want "unlimited", the latter "0" to specify no limits); 2) when "sizelimit 0" is defined in slapd.conf the behaviour appears to be undefined (it works fine only if you use a different than "0" value for SIZELIMIT in ldap.conf); it should print an error or at least a warning when set to "0", since this not means "no limits" (or even better "0" could be changed to means "unlimited" also here and also reflected in man page of slapd.conf).
Thanks, Fabio
Fabio Pedretti wrote:
Citando Gavin Henry ghenry@suretecsystems.com:
----- "Fabio Pedretti" fabio.pedretti@ing.unibs.it wrote:
The ldap.conf man page says this:
SIZELIMIT <integer> Specifies a size limit to use when performing searches. The number should be a non-negative integer. SIZELIMIT of zero (0) specifies unlimited search size.
However it appears that putting "SIZELIMIT 0" in my ldap.conf gives a: # search result search: 2 result: 4 Size limit exceeded
To workaround this I put a very large value and it works. I am using openldap 2.4.11 compiled from source on a Slackware 10.0. Is it an openldap bug?
Do you have any limits on your slapd config?
OK, I found the problem.
In my slapd.conf I had sizelimit 0 which appears to be wrong. In this case SIZELIMT 0 in ldap.conf gives zero records, SIZELIMIT 1 gives 1 records, etc...
Changing slapd.conf to: sizelimit unlimited works correctly.
This behaviour is somewhat strange, however:
- "sizelimit" in slapd.conf and "SIZELIMIT" options in ldap.conf are
not coherent (the first want "unlimited", the latter "0" to specify no limits);
Correct. They do not need to be coherent: SIZELIMIT 0 refers to an unlimited sizelimit as per RFC 4511. sizelimit 0 is private to slapd, a specific DSA implementation's configuration, whose semantics requires to be able to specify both an unlimited size limit and a 0 size limit (e.g. to prevent specific users from receiving any entry).
- when "sizelimit 0" is defined in slapd.conf the behaviour appears to
be undefined (it works fine only if you use a different than "0" value for SIZELIMIT in ldap.conf); it should print an error or at least a warning when set to "0", since this not means "no limits" (or even better "0" could be changed to means "unlimited" also here and also reflected in man page of slapd.conf).
What seems to be an inconsistency, is actually intended (and documented, AFAIK). In fact, "sizelimit 0" sets the soft limit, while the hard limit remains the default (500). Probably, "sizelimit X" should set both.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ----------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Fax: +39 0382 476497 Email: ando@sys-net.it -----------------------------------
-
Fabio Pedretti -
Gavin Henry -
Pierangelo Masarati