RAIMBAULT Alain - Contractor wrote:
Thanks for pointing at this element. I modified my ldif in consequence
# cat sizelimit.ldif dn: cn=config changetype: modify replace: olcSizeLimit olcSizeLimit: unlimited
root@ccase03 # grep olcRoot olcDatabase={1}mdb.ldif olcRootDN: cn=Manager,dc=tosa,dc=thales olcRootPW:: e1NTSEF9QTVnK3BPV2dWM2p6V29DZkRrSjVZZ1YwUDROS2RDTWg= ^ strange ! two semicolons in a row
root@laselainfldap01p:/etc/openldap/slapd.d/cn=config# ldapmodify -v -h 10.136.16.197 -D "cn=Manager,dc=tosa,dc=thales" -w tco_tosa_thales -f sizelimit.ldif ldap_initialize( ldap://10.136.16.197 ) replace olcSizeLimit: unlimited modifying entry "cn=config" ldap_modify: Insufficient access (50)
AFAIK you have to use "cn=config" as username (-D parameter) to modify the configuration. Additionly you will have to use the -x parameter for simple auth. IMHO you will need a olcAuthzRegexp like gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth dn:cn=config to use SASL mech EXTERNAL to modyfy your configuration.
root@laselainfldap01p:/etc/openldap/slapd.d/cn=config#
Kind regards, Alain
-----Message d'origine----- De : Ulrich Windl <Ulrich.Windl(a)rz.uni-regensburg.de> Envoyé : mardi 7 juin 2022 07:48 À : RAIMBAULT Alain - Contractor <alain.raimbault(a)external.thalesgroup.com>; openldap-technical(a)openldap.org Objet : Antw: [EXT] Failing to modify olcSizeLimit
RAIMBAULT Alain - Contractor <alain.raimbault(a)external.thalesgroup.com>
schrieb
am 03.06.2022 um 14:51 in Nachricht <bf0f0f6351b94d74b437c24db1da4817(a)external.thalesgroup.com>: ...
# cat sizelimit.ldif dn: cn=config changetype: modify replace: olcSizeLimit olcSizeLimit: ‑1
Despite of the rest we use a large positive number here, and the docs here mention "unlimited", but not -1.
...
Regards, Ulrich