Hi Everyone,
I am building a new LDAP v 2.4 cluster. We do not allow anonymous binds and set "sizelimit 1" for all users except our service account used for binding.
limits dn.exact="uid=important,ou=sa,dc=blah" size=unlimited time=unlimited
provides the bind account unlimited results.
However, for group members, I am still hitting the "sizelimit 1" when trying:
limits group/posixGroup/memberUid="cn=admins,dc=blah" size=unlimited time=unlimited
Our group entry in LDAP:
# admins, group, ldap.server
dn: cn=admins,dc=blah
objectClass: posixGroup
objectClass: top
cn: admins
memberUid: admin1
memberUid: admin2
From reading the slapd.conf man page, it seems we're not using the default objectclass "groupOfNames" or attribute "member"; however, when I use the defaults, or the above which exist in our directory, I still hit "sizelimit 1." Of course, using dn.exact for our individual accounts works, though I don't want to touch slapd.conf every time we hire someone.
Do you have any insight into what could be causing this behavior? I have not found the answer yet through extensive searching of the internets.
Thanks,
Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690