Thanks.  Yes, very helpful.

For the group that lists our accounts I now have the full DN:

dn: cn=admins,ou=group,dc=server,dc=domain
objectClass: posixGroup
objectClass: top
cn: admins
memberUid: uid=user,ou=accounts,dc=server,dc=domain

slapd.conf:

limits group/posixGroup/memberUid="cn=admins,ou=group,dc=server,dc=domain" size=unlimited time=unlimited

Though I am still hitting the limit. 



Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690

On Wed, Jul 19, 2017 at 6:25 PM, Quanah Gibson-Mount <quanah@symas.com> wrote:
--On Tuesday, July 18, 2017 4:32 PM -0400 Douglas Duckworth
<dod2014@med.cornell.edu> wrote:

> # admins, group, ldap.server
> dn: cn=admins,dc=blah
> objectClass: posixGroup
> objectClass: top
> cn: admins
> memberUid: admin1
> memberUid: admin2
>
> Do you have any insight into what could be causing this behavior?  I
> have not found the answer yet through extensive searching of the
> internets.

Hi Douglas,

The answer lies in the slapd.conf(5) man page, in the description of the
"limits" directive, specifically in this portion:

"sets the limits for any DN listed in the values of  the  at  attribute"

memberUID does not contain a DN, therefore it cannot be used.  Hope that
helps!

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
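
Added example, not part of the original thread and not OpenLDAP project code: a small Python check for the condition quoted from slapd.conf(5) above, that every value of the attribute named in a "limits group/oc/at" rule is shaped like a DN. The sample inlines the two group entries from the thread; the first limits line, the function names and the simplified DN pattern are assumptions, and the check does not explain the limit still being hit in the later message.

```python
import re

# Constructed sample: the two group entries quoted in the thread.
SAMPLE_LDIF = """\
dn: cn=admins,dc=blah
objectClass: posixGroup
memberUid: admin1
memberUid: admin2

dn: cn=admins,ou=group,dc=server,dc=domain
objectClass: posixGroup
memberUid: uid=user,ou=accounts,dc=server,dc=domain
"""
# The first limits line is constructed by analogy; the second is the one from the thread.
SAMPLE_CONF = """\
limits group/posixGroup/memberUid="cn=admins,dc=blah" size=unlimited time=unlimited
limits group/posixGroup/memberUid="cn=admins,ou=group,dc=server,dc=domain" size=unlimited time=unlimited
"""

LIMITS_RE = re.compile(r'^\s*limits\s+group(?:/(\w+)(?:/(\w+))?)?="([^"]+)"', re.I | re.M)
# Rough DN shape: comma-separated attr=value RDNs (no escapes, no multi-valued RDNs).
DN_RE = re.compile(r'^[A-Za-z][\w.-]*=[^,=]+(,[A-Za-z][\w.-]*=[^,=]+)*$')

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}} for simple, unfolded LDIF."""
    entries = {}
    for block in re.split(r'\n\s*\n', text.strip()):
        attrs = {}
        for line in block.splitlines():
            if ': ' in line and not line.startswith('#'):
                name, value = line.split(': ', 1)
                attrs.setdefault(name.lower(), []).append(value.strip())
        if 'dn' in attrs:
            entries[attrs['dn'][0].lower()] = attrs
    return entries

def non_dn_members(conf_text, ldif_text):
    """List (group DN, attribute, value) where a limits-group attribute value is not DN-shaped."""
    entries, findings = parse_ldif(ldif_text), []
    for m in LIMITS_RE.finditer(conf_text):
        # slapd.conf(5) defaults: oc groupOfNames, at member.
        attr, group_dn = (m.group(2) or 'member'), m.group(3)
        for value in entries.get(group_dn.lower(), {}).get(attr.lower(), []):
            if not DN_RE.match(value):
                findings.append((group_dn, attr, value))
    return findings

if __name__ == '__main__':
    print(non_dn_members(SAMPLE_CONF, SAMPLE_LDIF))
```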