Dears,

Added info.

In the group used in the olcLimits, there are 2 users, and limits are unlimited for users I added before as "dn.base" but still remain blocked at 500 for the other one, so it seems the olcLimits by group/groupOfNames/member doesn't work correctly.

Can you help me, as it's a blocking issue on my prod systems?

Thx,
Jean-Luc.

On Thu, Mar 24, 2022 at 12:27 PM <bourguijl@gmail.com> wrote:
Dears,

OpenLDAP version: 2.5.7

env 2 MMR 2 Replicas (test env)

I've set an olclimit for one user (dn.base) on my DB and it works fine, but in order to move it to my production env, I decided to modify my olclimit by using (group/groupOfNames/member) and place this user as a member of the group. This also works fine on my test env.

I did the same config on my production env which is 4 MMR 4 Replicas and it didn't work :-(

I did a lot of checks to see if there was any difference but it was exactly the same configuration.
I did some other tests on replicas first by adding a new olclimit for the concerned user (dn.base), which solved the issue.
I decided to remove this new user olclimit; the olclimit (group/groupOfNames/member) was still there and, to my surprise, the limitation for my user was still set to unlimited as expected.
I did the same on all replicas, adding the concerned user, removing it, and limits were OK ... very strange.
As it was working on replicas, I tried the same on the master but no luck; my user still stays limited to 500 entries.

Questions :
Is there an order to respect in olclimit type?
Why is the config working on the test env and not on the production one?

Thx for your advice,
Jean-Luc