Am Fri, 13 Dec 2013 13:09:07 -0600
schrieb Jason Brandt <jbrandt@fsmail.bradley.edu>:
> My pleasure. That command should work for any changes you need to
> make to the base config, acl's, indexes, etc.
No! That depends on the linux distribution. In order to modify the
config database one has to be authenticated as rootdn cn=config.
Some distributions, but not all, have an entry:
olcAuthzRegexp:
"gidNumber=0\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"cn=config"
This rule allows a connection as root via ldapi to be authenticated as
cn=config.
-Dieter
>
> On Fri, Dec 13, 2013 at 1:03 PM, Clint Petty
> <cpetty@luthresearch.com>wrote:
>
> > Hi Jason,
> >
> >
> >
> > Yes, that worked for me.
> >
> >
> >
> > Thanks
> >
> >
> >
> > *From:* Jason Brandt [mailto:jbrandt@fsmail.bradley.edu]
> > *Sent:* Friday, December 13, 2013 10:13 AM
> > *To:* Clint Petty
> > *Cc:* Howard Chu; openldap-technical@openldap.org
> > *Subject:* Re: ldapsearch limit of 500 entries
> >
> >
> >
> > What command syntax did you use for trying to modify cn=config?
> >
> >
> >
> > You should use EXTERNAL sasl auth when trying to modify base
> > config, with a command such as this:
> >
> >
> >
> > ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f changefile.ldif
> >
> >
> >
> > Then your ldif file, with the value you chose, would be:
> >
> >
> >
> > dn: cn=config
> > changetype: modify
> > replace: olcSizeLimit
> > olcSizeLimit: -1
> >
> >
> >
> > That should work, it's what I use for making any changes to
> > cn=config.
> >
> >
> >
> > On Fri, Dec 13, 2013 at 12:00 PM, Clint Petty
> > <cpetty@luthresearch.com> wrote:
> >
> > I know you are suppose to make changes through the command line,
> > when using cn=config. I tried changing it through ldapmodify,
> > however wasn't able to get it to work. So changed it in the file
> > and it did work. We are transitioning away from cn=config, so this
> > is just a short term solution.
> >
> >
> > -----Original Message-----
> > From: Howard Chu [mailto:hyc@symas.com]
> > Sent: Thursday, December 12, 2013 7:15 PM
> > To: Clint Petty; Jason Brandt
> > Cc: openldap-technical@openldap.org
> > Subject: Re: ldapsearch limit of 500 entries
> >
> > Clint Petty wrote:
> > > Thanks Jason,
> > >
> > > I resolved this issue by adding:
> > >
> > > olcSizeLimit: -1
> > >
> > > to the etc/ldap/slapd.d/cn=config.ldif file.
> >
> > You are not supposed to manually edit the config database files.
> > You should have fed your change in to the running slapd using
> > ldapmodify.
> >
> > cn=config is a slapd database. It will very likely migrate to an
> > LMDB backend
> > in the future. Don't get the notion of manually editing it into
> > your head, because it won't be possible.
> >
> > > and then restarting slapd.
> >
> > There is no need to restart slapd to make configuration changes, if
> > you do them correctly - i.e., using ldapmodify.
> >
> > > Now works!
> > >
> > > *From:*Jason Brandt [mailto:jbrandt@fsmail.bradley.edu]
> > > *Sent:* Thursday, December 12, 2013 11:25 AM
> > > *To:* Clint Petty
> > > *Cc:* openldap-technical@openldap.org
> > > *Subject:* Re: ldapsearch limit of 500 entries
> > >
> > > Note that this will replace any existing limits you have set.
> > >
> > > On Thu, Dec 12, 2013 at 1:24 PM, Jason Brandt <
> > jbrandt@fsmail.bradley.edu
> > > <mailto:jbrandt@fsmail.bradley.edu>> wrote:
> > >
> > > Global size limit modification ldif file (using cn=config):
> > >
> > > dn: cn=config
> > >
> > > changetype: modify
> > >
> > > replace: olcSizeLimit
> > >
> > > olcSizeLimit: size.soft=100 size.hard=500
> > >
> > > Per user size limit changes:
> > >
> > > dn: olcDatabase={1}hdb,cn=config
> > >
> > > changetype: modify
> > >
> > > replace: olcLimits
> > >
> > > olcLimits: dn.exact="uid=user,ou=people,dc=example,dc=com"
> > > size=unlimited
> > >
> > > On Thu, Dec 12, 2013 at 1:16 PM, Clint Petty
> > > <cpetty@luthresearch.com <mailto:cpetty@luthresearch.com>> wrote:
> > >
> > > My ldapsearch command is only returning a max of 500 entries,
> > > while I
> > know I
> > > have over 9,000 entries in the database. If I do not have a
> > > slapd.conf
> > file,
> > > how can I increase the sizelimit, to display all my entries?
> > >
> > >
> > >
> > >
> > > --
> > >
> > > Jason K. Brandt
> > >
> > > Systems Administrator
> > >
> > > Bradley University
> > > (309) 677-2958 <tel:%28309%29%20677-2958>
> > >
> > >
> > >
> > > --
> > >
> > > Jason K. Brandt
> > >
> > > Systems Administrator
> > >
> > > Bradley University
> > > (309) 677-2958
> > >
> >
> >
> > --
> > -- Howard Chu
> > CTO, Symas Corp. http://www.symas.com
> > Director, Highland Sun http://highlandsun.com/hyc/
> > Chief Architect, OpenLDAP http://www.openldap.org/project/
> >
> >
> >
> >
> >
> > --
> >
> > Jason K. Brandt
> >
> > Systems Administrator
> >
> > Bradley University
> > (309) 677-2958
> >
>
>
>
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E