Hello all
I do not seem to be able to get per-dn limits working ...
openldap-2.4.25 on Solaris 11 x86
I have put the following in slapd.conf:
limits dn.exact="cn=repl_ldap,dc=domain,dc=com" size=unlimited time=unlimited
access to * by dn="cn=repl_ldap,dc=domain,dc=com" read ...
(obviously the syncrepl user ;-)
and also: syncrepl rid=1 ... sizelimit="unlimited" timelimit="unlimited" searchbase="dc=domain,dc=com" binddn="n=repl_ldap,dc=domain,dc=com"
on the consumer side
But the DN always gets a maximum of 500 entries, whether using ldapsearch or during replication:
# ldapsearch -x -h localhost '(objectClass=*)' -D"cn=repl_ldap,dc=domain,dc=com" -W -b "dc=domain,dc=com"
Enter LDAP Password:XXXX
[...]
# search result
search: 2
result: 4 Size limit exceeded
# numResponses: 501
# numEntries: 500
While there are ~700 entries in the directory.
The same happens during replication, where only 500 entries are synced to the consumer (e.g. if I delete the local DB on the consumer and restart slapd).
Only if I set ... sizelimit unlimited timelimit unlimited ...
globally in the provider's slapd.conf (i.e. before any database definition), does repl_ldap receive all entries.
Is there anything else I need to configure in order to allow the DN access to all entries?
thx /markus
PS: I have also tried different variants of the following: limits dn.exact="cn=repl_ldap,dc=domain,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
Hi all
I have reproduced the same behaviour with 2.4.28 on Linux and Solaris.
Any chance this is a recursion/bug?
krgds /markus
On 11/24/11 21:23, Markus Wernig wrote:
> Hello all
> I do not seem to be able to get per-dn limits working ...
> openldap-2.4.25 on Solaris 11 x86
> I have put the following in slapd.conf:
> limits dn.exact="cn=repl_ldap,dc=domain,dc=com" size=unlimited time=unlimited
> access to * by dn="cn=repl_ldap,dc=domain,dc=com" read ...
> (obviously the syncrepl user ;-)
> and also: syncrepl rid=1 ... sizelimit="unlimited" timelimit="unlimited" searchbase="dc=domain,dc=com" binddn="n=repl_ldap,dc=domain,dc=com"
> on the consumer side
> But the DN always gets a maximum of 500 entries, whether using ldapsearch or during replication:
> # ldapsearch -x -h localhost '(objectClass=*)' -D"cn=repl_ldap,dc=domain,dc=com" -W -b "dc=domain,dc=com"
> Enter LDAP Password:XXXX
> [...]
> # search result
> search: 2
> result: 4 Size limit exceeded
> # numResponses: 501
> # numEntries: 500
> While there are ~700 entries in the directory.
> The same happens during replication, where only 500 entries are synced to the consumer (e.g. if I delete the local DB on the consumer and restart slapd).
> Only if I set ... sizelimit unlimited timelimit unlimited ...
> globally in the provider's slapd.conf (i.e. before any database definition), does repl_ldap receive all entries.
> Is there anything else I need to configure in order to allow the DN access to all entries?
> thx /markus
> PS: I have also tried different variants of the following: limits dn.exact="cn=repl_ldap,dc=domain,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
> Hi all
> I have reproduced the same behaviour with 2.4.28 on Linux and Solaris.
> Any chance this is a recursion/bug?
The "limits" statement is database-specific; where did you put it in slapd.conf? It must be within the database it applies to.
p.
On 11/27/11 23:51, masarati@aero.polimi.it wrote:
> The "limits" statement is database-specific; where did you put it in slapd.conf? It must be within the database it applies to.
Aaahh ... RTFM, I keep telling myself. Had put it in the global ACL section. Thank you very much for the pointer.
/m
openldap-technical@openldap.org
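
Added example (not part of the original thread and not OpenLDAP project code): a small check for the mistake resolved above, a "limits" directive placed in the global section of slapd.conf instead of inside the database it should apply to. The sample configuration is constructed, and the function names are hypothetical.

```python
# Flags "limits" directives that appear before the first "database" line.
# Assumption: classic slapd.conf syntax, where a line starting with
# whitespace continues the previous line and "#" in column 0 is a comment.

SAMPLE_CONF = '''\
# constructed sample, modelled on the configuration described in the thread
sizelimit 500
limits dn.exact="cn=repl_ldap,dc=domain,dc=com" size=unlimited time=unlimited
access to * by dn="cn=repl_ldap,dc=domain,dc=com" read

database bdb
suffix "dc=domain,dc=com"
limits dn.exact="cn=repl_ldap,dc=domain,dc=com"
  size=unlimited time=unlimited
'''


def logical_lines(text):
    """Yield (first_line_number, directive) with continuation lines joined."""
    current, start = None, 0
    for number, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#"):
            continue
        if raw[:1] in (" ", "\t") and current is not None:
            current = (current + " " + raw.strip()).strip()
            continue
        if current:
            yield start, current
        current, start = raw.strip(), number
    if current:
        yield start, current


def check_limits(text):
    """Return (misplaced, scoped) lists of (line_number, database, directive)."""
    database = None  # None while still in the global section
    misplaced, scoped = [], []
    for number, line in logical_lines(text):
        parts = line.split()
        keyword = parts[0].lower()
        if keyword == "database":
            database = parts[1] if len(parts) > 1 else "?"
        elif keyword == "limits":
            target = misplaced if database is None else scoped
            target.append((number, database, line))
    return misplaced, scoped


if __name__ == "__main__":
    for number, _, line in check_limits(SAMPLE_CONF)[0]:
        print(f"line {number}: limits in global section: {line}")
```

Run it against the provider's slapd.conf; any line it reports should be moved below the "database" line of the database the replication DN searches.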