-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear Quanah and list members,
Indeed, man slapd.conf should have my first guess. Thank you for pointing it out.
Nonetheless, I can't get the limits to work. In my master slapd.conf I have :
limits dn.exact="cn=repuser,dc=mydom,dc=fr" size.soft=unlimited size.hard=unlimited size.unchecked=unlimited
In my replica slapd.conf syncrepl section I have :
bindmethod=simple binddn="cn=repuser,dc=mydom,dc=fr" credentials=secret updatedn="cn=repuser,dc=mydom,dc=fr"
However, when I try to sync the replica with the master, it stops after looking up 500 entries. I end up with an incomplete replica which never goes beyond the same point. The limit is confirmed by :
# grep be_search slapd.log | wc -l 500
in the replica log (I set loglevel to 16384 for this test). That, with the fact that I couldn't find the limits directive in the openldap documentation, is what made me wrongly presume that limits didn't work in openldap 2.3. Sorry for the confusion.
If I use "sizelimit unlimited" in my master slapd.conf the problem disappears without modifying any other parameter.
I presume it's my limits directive that has a problem. I don't think it's the user dn, the user exists in the master directory :
$ ldapsearch -x -H ldaps://master.mydom.fr:636/ -b "dc=mydom,dc=fr" -LLL "(cn=repuser)" dn dn: cn=repuser,dc=mydom,dc=fr
and anyway it wouldn't work at all, not just for 500 entries.
So why are default limits overriding my limits? I really can't work out what I'm doing wrong. Any help would be greatly appreciated.
Thanks,
Dans sa grande sagesse, Quanah Gibson-Mount a écrit, le 02.03.2009 18:45 :
--On Monday, March 02, 2009 4:22 PM +0100 Oliver Henriot Oliver.Henriot@imag.fr wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dear list members,
Is there a mechanism to control acces limits in openldap 2.3 similar to what can be achieved with the openldap 2.4 limits directive (http://www.openldap.org/doc/admin24/limits.html)?
Appart from sizelimit and timelimit, which are not dn specific and therefore do not allow the same fine tuning as the limits directive, I haven't found anything. Maybe I missed it?
The "limits" directive is also part of OpenLDAP 2.3.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
- -- Oliver Henriot B.Sc. Ph.D. | Technicien de Maintenance Moyens Informatiques et Multimédia | UMS MI2S | http://mi2s.imag.fr/ Domaine universitaire BP53 | 38041 Grenoble cedex 9 | France tel.: +33 4 76 51 43 48 | fax: +33 4 76 51 47 15