Hi Everyone,

I am building a new LDAP v 2.4 cluster.   We do not allow anonymous binds and set "sizelimit 1" for all users except our service account used for binding.  

limits dn.exact="uid=important,ou=sa,dc=blah" size=unlimited time=unlimited provides the bind account unlimited results.

However, for group members, I am still hitting the "sizelimit 1" when trying:

limits group/posixGroup/memberUid="cn=admins,dc=blah" size=unlimited time=unlimited

Our group entry in LDAP:

# admins, group, ldap.server
dn: cn=admins,dc=blah
objectClass: posixGroup
objectClass: top
cn: admins
memberUid: admin1
memberUid: admin2

From reading the slapd.conf man page, it seems we're not using the default objectclass "groupOfNames," or attribute "member," however when I use the defaults, or the above which exist in our directory, I still hit "sizelimit 1."  Of course using dn.exact for our individual accounts works, though I don't want to touch slapd.conf every time we hire someone.

Do you have any insight into what could be causing this behavior?  I have not found the answer yet through extensive searching of the internets.

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690