Hi all,
I can not apply a limits directive to my slapd.conf. I need a user (cn=replicator,ou=AppUsers,dc=company,dc=net) to have read access to all entries of a database. The global sizelimits ( 1000) seems to override any other database directive. Each ldapsearch returns a " 4 Size limit exceeded".
openldap version : 2.4.42 here is a sample of my slapd.conf
... # Define global ACLs to disable default read access.
sizelimit 1000 timelimit 5
tool-threads 8
pidfile /usr/local/var/run/slapd.pid argsfile /usr/local/var/run/slapd.args
####################################################################### # database definitions #######################################################################
######################################### # Directories DATABASE ######################################### database mdb suffix "ou=Directories,dc=company,dc=net" subordinate checkpoint 1024 5 dbnosync maxsize 10737418240 envflags writemap rootdn "cn=admin,dc=company,dc=net"
# Mode 700 recommended. directory /var/lib/openldap/ldap
# acl authz-regexp uid=([^,]*),cn=digest-md5,cn=auth ldap:///ou=company,dc=company,dc=net??sub?(&(objectclass=psnDirectoryContact)(cli=sipdefault:$1))
access to * by dn.exact="cn=replicator,ou=AppUsers,dc=company,dc=net" write by * break
...........
access to dn.sub="ou=AppUsers,dc=company,dc=net" attrs=userpassword by anonymous auth by * none
# Indices to maintain index cn,dc,sn,uid,mail,telephoneNumber pres,eq,sub index arecord,description eq index objectClass,macAddress,custID,locationID,zoneGroupPrefix,entryUUID,entryCSN pres,eq
# Sync Repl overlay syncprov # all standard entries in the accesslog that were successful syncrepl rid=0 provider=ldap:// bindmethod=simple binddn="cn=user,ou=login,cn=system" credentials=secret searchbase="ou=Directories,dc=company,dc=net" logbase="cn=accesslog_directories" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog
#limits limits dn.exact="cn=replicator,ou=AppUsers,dc=company,dc=net" size=unlimited time=unlimited
....
thanks in advance.