I try to do a search in an openldap server. This search can return a large number of entries (> 30 000) ; the sizelimit parameter in slapd.conf is set to 2100.
I use Net::LDAP perl module, LDAP_CONTROL_PAGED control and a code like the example in paged.pm (http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm). I set size parameter of Net::LDAP::Control::Paged to 1000.
openldap return's 1000 entries with 2 first search call, but an error code 4 (Sizelimit exceeded) occurs in third search call :
conn=6 op=1 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=6 op=1 SRCH attr=cn sn givenName mail conn=6 op=1 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=6 op=2 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=6 op=2 SRCH attr=cn sn givenName mail conn=6 op=2 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=6 op=3 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=6 op=3 SRCH attr=cn sn givenName mail conn=6 op=3 SEARCH RESULT tag=101 err=4 nentries=100 text=
Is it the normal behaviour ?
How can I do to get all entries from ou people ?
Thank's
Vincent
1000+1000+100 = 2100; if you have sizelimit set to 2100, the search can't return > 30,000 entries short of a bug in OpenLDAP. I'd be wiling to wager that if you dropped the sizelimit you'd see everything and this is all normal behavior.
See the sizelimit and/or limits directive in slapd.conf(5) man page. In particular, you might be looking for size.pr or size.prtotal or similar instead of your current configuration.
On Tue, 20 Mar 2007, Vincent MATHIEU wrote:
I try to do a search in an openldap server. This search can return a large number of entries (> 30 000) ; the sizelimit parameter in slapd.conf is set to 2100.
I use Net::LDAP perl module, LDAP_CONTROL_PAGED control and a code like the example in paged.pm (http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm). I set size parameter of Net::LDAP::Control::Paged to 1000.
openldap return's 1000 entries with 2 first search call, but an error code 4 (Sizelimit exceeded) occurs in third search call :
conn=6 op=1 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=6 op=1 SRCH attr=cn sn givenName mail conn=6 op=1 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=6 op=2 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=6 op=2 SRCH attr=cn sn givenName mail conn=6 op=2 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=6 op=3 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=6 op=3 SRCH attr=cn sn givenName mail conn=6 op=3 SEARCH RESULT tag=101 err=4 nentries=100 text=
Is it the normal behaviour ?
How can I do to get all entries from ou people ?
Thank's
Vincent
-- Vincent MATHIEU Université Nancy 2 - CRI Equipe système et réseaux tel : 03 54 50 36 56 coordonnées : http://www.univ-nancy2.fr/ANNUAIRE/PERS/detail_pres.php?uid=vmathieu
Vincent MATHIEU vincent.mathieu@univ-nancy2.fr writes:
I try to do a search in an openldap server. This search can return a large number of entries (> 30 000) ; the sizelimit parameter in slapd.conf is set to 2100.
I use Net::LDAP perl module, LDAP_CONTROL_PAGED control and a code like the example in paged.pm (http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm). I set size parameter of Net::LDAP::Control::Paged to 1000.
openldap return's 1000 entries with 2 first search call, but an error code 4 (Sizelimit exceeded) occurs in third search call :
[...]
Is it the normal behaviour ?
yes, as sizelimit is set to 2100, simple paged results does not override the configured sizelimit declaration.
How can I do to get all entries from ou people ?
set sizelimit to -1 in slapd.conf
-Dieter
Vincent MATHIEU wrote:
I try to do a search in an openldap server. This search can return a large number of entries (> 30 000) ; the sizelimit parameter in slapd.conf is set to 2100.
I use Net::LDAP perl module, LDAP_CONTROL_PAGED control and a code like the example in paged.pm (http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm). I set size parameter of Net::LDAP::Control::Paged to 1000.
openldap return's 1000 entries with 2 first search call, but an error code 4 (Sizelimit exceeded) occurs in third search call :
Is it the normal behaviour ?
Yes. Using the page control doesn't change the overall size limit of the search request. (It's known that Microsoft Active Directory behaves differently here, but it's also clear that they are broken in this area. One among many things they do in violation of the specs.)
How can I do to get all entries from ou people ?
Use an identity that has the privilege to use a larger sizelimit.
Howard Chu a écrit :
Vincent MATHIEU wrote:
I try to do a search in an openldap server. This search can return a large number of entries (> 30 000) ; the sizelimit parameter in slapd.conf is set to 2100.
I use Net::LDAP perl module, LDAP_CONTROL_PAGED control and a code like the example in paged.pm (http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm). I set size parameter of Net::LDAP::Control::Paged to 1000.
openldap return's 1000 entries with 2 first search call, but an error code 4 (Sizelimit exceeded) occurs in third search call :
Is it the normal behaviour ?
Yes. Using the page control doesn't change the overall size limit of the search request. (It's known that Microsoft Active Directory behaves differently here, but it's also clear that they are broken in this area. One among many things they do in violation of the specs.)
I use LDAP_CONTROL_PAGED for Active Directory searchs too, and I thought that openldap work like AD ...
How can I do to get all entries from ou people ?
Use an identity that has the privilege to use a larger sizelimit.
Fine ! It's the good method, I didn't know it. But I try to do it :
slapd.conf : sizelimit 2100 limits dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" size=5100
logs ldap : conn=1 op=0 BIND dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" method=128 conn=1 op=0 BIND dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" mech=SIMPLE ssf=0 conn=1 op=0 RESULT tag=97 err=0 text= conn=1 op=1 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=1 SRCH attr=cn sn givenName mail conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=1 op=2 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=2 SRCH attr=cn sn givenName mail conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=1 op=3 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=3 SRCH attr=cn sn givenName mail conn=1 op=3 SEARCH RESULT tag=101 err=4 nentries=100 text=
dn viewEntries is limited to 2100 entries, and no 5100. Why ? openldap version is 2.3.19
Vincent
Vincent MATHIEU a écrit :
Howard Chu a écrit :
Vincent MATHIEU wrote:
I try to do a search in an openldap server. This search can return a large number of entries (> 30 000) ; the sizelimit parameter in slapd.conf is set to 2100.
I use Net::LDAP perl module, LDAP_CONTROL_PAGED control and a code like the example in paged.pm (http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm).
I set size parameter of Net::LDAP::Control::Paged to 1000.
openldap return's 1000 entries with 2 first search call, but an error code 4 (Sizelimit exceeded) occurs in third search call :
Is it the normal behaviour ?
Yes. Using the page control doesn't change the overall size limit of the search request. (It's known that Microsoft Active Directory behaves differently here, but it's also clear that they are broken in this area. One among many things they do in violation of the specs.)
I use LDAP_CONTROL_PAGED for Active Directory searchs too, and I thought that openldap work like AD ...
How can I do to get all entries from ou people ?
Use an identity that has the privilege to use a larger sizelimit.
Fine ! It's the good method, I didn't know it. But I try to do it :
slapd.conf : sizelimit 2100 limits dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" size=5100
logs ldap : conn=1 op=0 BIND dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" method=128 conn=1 op=0 BIND dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" mech=SIMPLE ssf=0 conn=1 op=0 RESULT tag=97 err=0 text= conn=1 op=1 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=1 SRCH attr=cn sn givenName mail conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=1 op=2 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=2 SRCH attr=cn sn givenName mail conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=1 op=3 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=3 SRCH attr=cn sn givenName mail conn=1 op=3 SEARCH RESULT tag=101 err=4 nentries=100 text=
dn viewEntries is limited to 2100 entries, and no 5100. Why ? openldap version is 2.3.19
It works now : I putted limits parameter in global section of slapd.conf otherwise database section.
Thank's
Vincent
openldap-software@openldap.org
-
Aaron Richton -
Dieter Kluenter -
Howard Chu -
Vincent MATHIEU