Dears,
Added info.
In the group used in the olcLimits, there are 2 users, and limits are unlimited for users I added before as "dn.base" but still remain blocked at 500 for the other one, so it seems the olcLimits by group/groupOfNames/member doesn't work correctly.
Can you help me, as it's a blocking issue on my prod systems?
Thx, Jean-Luc.
On Thu, Mar 24, 2022 at 12:27 PM bourguijl@gmail.com wrote:
Dears,
OpenLDAP version: 2.5.7
Env: 2 MMR, 2 replicas (test env)
I've set an olclimit for one user (dn.base) on my DB and it works fine, but in order to move it to my production env, I decided to modify my olclimit by using (group/groupOfNames/member) and place this user as a member of the group. This also works fine on my test env.
I did the same config on my production env, which is 4 MMR, 4 replicas, and it didn't work :-(
I did a lot of checks to see if there was any difference but it was exactly the same configuration. I did some other tests on replicas first by adding a new olclimit for the concerned user (dn.base), which solved the issue. I decided to remove this newly added user olclimit, the olclimit (group/groupOfNames/member) was still there, and was not my surprise, the limitation for my user was still set to unlimited as expected. I did the same on all replicas, adding the concerned user, removing it, and limits were OK... very strange. As it was working on replicas, I did try the same on master but no luck, my user still stays limited to 500 entries.
Questions: Is there an order to respect in olclimit type? Why is the config working on the test env and not on the production one?
Thx for any advice, Jean-Luc