Am Fri, 13 Dec 2013 13:09:07 -0600 schrieb Jason Brandt jbrandt@fsmail.bradley.edu:
My pleasure. That command should work for any changes you need to make to the base config, acl's, indexes, etc.
No! That depends on the linux distribution. In order to modify the config database one has to be authenticated as rootdn cn=config. Some distributions, but not all, have an entry:
olcAuthzRegexp: "gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=config"
This rule allows a connection as root via ldapi to be authenticated as cn=config.
-Dieter
On Fri, Dec 13, 2013 at 1:03 PM, Clint Petty cpetty@luthresearch.comwrote:
Hi Jason,
Yes, that worked for me.
Thanks
*From:* Jason Brandt [mailto:jbrandt@fsmail.bradley.edu] *Sent:* Friday, December 13, 2013 10:13 AM *To:* Clint Petty *Cc:* Howard Chu; openldap-technical@openldap.org *Subject:* Re: ldapsearch limit of 500 entries
What command syntax did you use for trying to modify cn=config?
You should use EXTERNAL sasl auth when trying to modify base config, with a command such as this:
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f changefile.ldif
Then your ldif file, with the value you chose, would be:
dn: cn=config changetype: modify replace: olcSizeLimit olcSizeLimit: -1
That should work, it's what I use for making any changes to cn=config.
On Fri, Dec 13, 2013 at 12:00 PM, Clint Petty cpetty@luthresearch.com wrote:
I know you are suppose to make changes through the command line, when using cn=config. I tried changing it through ldapmodify, however wasn't able to get it to work. So changed it in the file and it did work. We are transitioning away from cn=config, so this is just a short term solution.
-----Original Message----- From: Howard Chu [mailto:hyc@symas.com] Sent: Thursday, December 12, 2013 7:15 PM To: Clint Petty; Jason Brandt Cc: openldap-technical@openldap.org Subject: Re: ldapsearch limit of 500 entries
Clint Petty wrote:
Thanks Jason,
I resolved this issue by adding:
olcSizeLimit: -1
to the etc/ldap/slapd.d/cn=config.ldif file.
You are not supposed to manually edit the config database files. You should have fed your change in to the running slapd using ldapmodify.
cn=config is a slapd database. It will very likely migrate to an LMDB backend in the future. Don't get the notion of manually editing it into your head, because it won't be possible.
and then restarting slapd.
There is no need to restart slapd to make configuration changes, if you do them correctly - i.e., using ldapmodify.
Now works!
*From:*Jason Brandt [mailto:jbrandt@fsmail.bradley.edu] *Sent:* Thursday, December 12, 2013 11:25 AM *To:* Clint Petty *Cc:* openldap-technical@openldap.org *Subject:* Re: ldapsearch limit of 500 entries
Note that this will replace any existing limits you have set.
On Thu, Dec 12, 2013 at 1:24 PM, Jason Brandt <
jbrandt@fsmail.bradley.edu
mailto:jbrandt@fsmail.bradley.edu> wrote:
Global size limit modification ldif file (using cn=config):
dn: cn=config
changetype: modify
replace: olcSizeLimit
olcSizeLimit: size.soft=100 size.hard=500
Per user size limit changes:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcLimits
olcLimits: dn.exact="uid=user,ou=people,dc=example,dc=com" size=unlimited
On Thu, Dec 12, 2013 at 1:16 PM, Clint Petty <cpetty@luthresearch.com mailto:cpetty@luthresearch.com> wrote:
My ldapsearch command is only returning a max of 500 entries, while I
know I
have over 9,000 entries in the database. If I do not have a slapd.conf
file,
how can I increase the sizelimit, to display all my entries?
--
Jason K. Brandt
Systems Administrator
Bradley University (309) 677-2958 tel:%28309%29%20677-2958
--
Jason K. Brandt
Systems Administrator
Bradley University (309) 677-2958
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--
Jason K. Brandt
Systems Administrator
Bradley University (309) 677-2958