Rébeli-Szabó Tamás wrote:
There is a limit on how much data you can send in a single LDAP request. Read the slapd-config(5) or slapd.conf(5) manpage, SockbufMaxIncoming
Thank you, Howard. Setting the sock_buf_max_incoming_auth parameter did the trick.
If I add 359k members to a group, and then I try to modify the group to add another member, ldapadd hangs. When I trace it, all I can see is continual ldap_result calls, that is, the client is waiting for the update operation to end on the server, and slapd is using nearly 100% of CPU.
Read the slapd.conf(5) manpage, sortvals.
Thanks, but I don't quite see how sortvals is relevant. I don't think the server should hang when any limit is reached. It should rather terminate the operation with a proper error message.
The server is not hanging, it is using up 100% CPU trying to process the update. Using sortvals will reduce the CPU cost of the update.