Hello Quanah,
Here is my configuration on both environments :
olcLimits: {1}group/groupOfNames/member="cn=Sailpoint Access,ou=Applications G roups,ou=Groups,ou=staff,o=mobistar.be" size.soft=unlimited size.hard=unlimi ted time.soft=unlimited time.hard=unlimited
and the content of the group
# Sailpoint Access, Applications Groups, Groups, staff, mobistar.be dn: cn=Sailpoint Access,ou=Applications Groups,ou=Groups,ou=staff,o= mobistar.be cn: Sailpoint Access objectClass: top objectClass: groupOfUniqueNames uniqueMember: uid=diams,ou=Test,ou=System,o=mobistar.be uniqueMember: uid=diamst,ou=Test,ou=System,o=mobistar.be
As promised I did some more tests on my non-prod env as I already did on my prod one and I've the same issue. I fact, my olcLimits works for user I moved from an olcLimits type "dn.base" to "group/groupOfNames/member" in group where it's member but it doesn't work for user added after in the group as "diamst" here above.
Let me know if you need some more details to reproduce the issue.
Thx for your help.
Brgds, Jean-Luc.
On Mon, Mar 28, 2022 at 11:56 PM Jean-Luc Bourguignon bourguijl@gmail.com wrote:
Hello Quanah,
I’ll do some tests against my non-prod and I’ll come back to you.
Brgds, Jean-Luc
On 28 Mar 2022, at 18:56, Quanah Gibson-Mount quanah@fast-mail.org
wrote:
--On Monday, March 28, 2022 11:25 AM +0200 Jean-Luc Bourguignon <
bourguijl@gmail.com> wrote:
Dears,
Added info.
In the group used in the olcLimits, there are 2 users, and limits are unlimited for users I added before as "dn.base" but still remain blocked at 500 for the other one, so it seems the olcLimits by group/groupOfNames/member doesn't work correctly.
Can you help me as it's a blocking issue on my prod systems.
Without knowing your configuration, we can't really provide an answer.
Clearly something in your configuration is not what you think it is, but that's the best I can say. Particuarly since it works in your non-prod environment but not in production.
Regards, Quanah