Hi all,
is there a limit for the number of attributes for entries? Specifically, I want to have 500,000 uniqueMembers for a group entry, but I cannot add more than 359,000. When I try to add 360,000 or more, I get:
"ldapadd: update failed ... ldap_add: Can't contact LDAP server (-1)"
The group entry look like this:
dn: cn=biggroup,ou=groups,dc=test,dc=com objectClass:top objectClass: groupOfUniqueNames cn: Ah, big group uniqueMember: uid=user1,ou=users,dc=test,dc=com uniqueMember: uid=user2,ou=users,dc=test,dc=com ... uniqueMember: uid=user359000,ou=users,dc=test,dc=com
I have 1 million users in ou=users,dc=test,dc=com (so I haven't run into a limit here).
I am on 2.4.41, LMDB with 4G maxsize (RHEL 5.10; 2.6.39). I have no limits set in slapd.conf.
Another, related issue:
If I add 359k members to a group, and then I try to modify the group to add another member, ldapadd hangs. When I trace it, all I can see is continual ldap_result calls, that is, the client is waiting for the update operation to end on the server, and slapd is using nearly 100% of CPU.
If I restart the server, I can add one member, but I cannot add say a hundred thousand more.
Any hint is appreciated.
Regards,
tamas
Rébeli-Szabó Tamás wrote:
Hi all,
is there a limit for the number of attributes for entries?
No.
Specifically, I want to have 500,000 uniqueMembers for a group entry, but I cannot add more than 359,000. When I try to add 360,000 or more, I get:
"ldapadd: update failed ... ldap_add: Can't contact LDAP server (-1)"
There is a limit on how much data you can send in a single LDAP request. Read the slapd-config(5) or slapd.conf(5) manpage, SockbufMaxIncoming
The group entry look like this:
dn: cn=biggroup,ou=groups,dc=test,dc=com objectClass:top objectClass: groupOfUniqueNames cn: Ah, big group uniqueMember: uid=user1,ou=users,dc=test,dc=com uniqueMember: uid=user2,ou=users,dc=test,dc=com ... uniqueMember: uid=user359000,ou=users,dc=test,dc=com
I have 1 million users in ou=users,dc=test,dc=com (so I haven't run into a limit here).
I am on 2.4.41, LMDB with 4G maxsize (RHEL 5.10; 2.6.39). I have no limits set in slapd.conf.
Another, related issue:
If I add 359k members to a group, and then I try to modify the group to add another member, ldapadd hangs. When I trace it, all I can see is continual ldap_result calls, that is, the client is waiting for the update operation to end on the server, and slapd is using nearly 100% of CPU.
Read the slapd.conf(5) manpage, sortvals.
If I restart the server, I can add one member, but I cannot add say a hundred thousand more.
Any hint is appreciated.
Regards,
tamas
There is a limit on how much data you can send in a single LDAP request. Read the slapd-config(5) or slapd.conf(5) manpage, SockbufMaxIncoming
Thank you, Howard. Setting the sock_buf_max_incoming_auth parameter did the trick.
If I add 359k members to a group, and then I try to modify the group to add another member, ldapadd hangs. When I trace it, all I can see is continual ldap_result calls, that is, the client is waiting for the update operation to end on the server, and slapd is using nearly 100% of CPU.
Read the slapd.conf(5) manpage, sortvals.
Thanks, but I don't quite see how sortvals is relevant. I don't think the server should hang when any limit is reached. It should rather terminate the operation with a proper error message.
tamas
Rébeli-Szabó Tamás wrote:
There is a limit on how much data you can send in a single LDAP request. Read the slapd-config(5) or slapd.conf(5) manpage, SockbufMaxIncoming
Thank you, Howard. Setting the sock_buf_max_incoming_auth parameter did the trick.
If I add 359k members to a group, and then I try to modify the group to add another member, ldapadd hangs. When I trace it, all I can see is continual ldap_result calls, that is, the client is waiting for the update operation to end on the server, and slapd is using nearly 100% of CPU.
Read the slapd.conf(5) manpage, sortvals.
Thanks, but I don't quite see how sortvals is relevant. I don't think the server should hang when any limit is reached. It should rather terminate the operation with a proper error message.
The server is not hanging, it is using up 100% CPU trying to process the update. Using sortvals will reduce the CPU cost of the update.
openldap-technical@openldap.org