On Wed, Oct 22, 2008 at 11:17 PM, Karthik Dathathri <karthikd@aol.in> wrote:
Hi Buchan,

As you mentioned, I tested the configuration manually in the provider:

I removed all the earlier ACL settings in slapd.conf of provider and just added the global ACL below:

access to *
         by * read

When I ran ldapsearch query using -D "uid=syncrepl,ou=System,dc=example,dc=com" on the provider machine, I am getting the result as:

#ldapsearch2.4 -x -W -D "uid=syncrepl,ou=System,dc=example,dc=com" -b "dc=example,dc=com"  mail uid givenName


<Entries Snipped>
# search result
search: 2
result: 4 Size limit exceeded

# numResponses: 501
# numEntries: 500

Why dont you try :

limits dn.exact="uid=syncrepl,ou=System,dc=example,dc=com" size=unlimited time=unlimited

As a test on the provider, maybe your group is not being expanded as you expect.

Group syntax seen elsewhere in this list have looked is more like :

limits group/groupOfUniqueNames/uniqueMember="cn=LDAPAdmins,ou=Groups,dc=example,dc=com"
   size=unlimited time=unlimited

I'd suggest trying the test again with the dn.exact one first, and if that works then try the other.

Cheers
Brett